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Confronting  Cyber  Uncertainty 


We  live  in  a  truly  global  society  shaped  by  the  advent  of  the  telephone,  the  data 
network,  the  jet  airliner,  and,  now,  the  Internet.  As  the  impact  of  globalization 
spreads,  all  of  us  —  in  business,  government,  and  our  private  lives  —  have  come  to 
depend  on  the  Internet.  Its  influence  cannot  be  overstated.  The  Internet  is  pervasive, 
accessible  to  a  growing  number  of  people,  and  it  enables  us  to  do  things  we  would  have 
thought  impossible  not  long  ago.  I  wish  I  could  say  all  this  was  good,  but  like  so  many 
technologies,  there  are  downsides.  Information  can  be  stolen,  damaged,  and  denied  on 
the  Internet.  Personal  identities,  intellectual  capital,  even  valuable  military  data,  can  be  compro¬ 
mised  and  manipulated.  Criminals,  terrorists,  and  nations  can  -  and  do  -  exploit  the  vulnerabil¬ 
ities  in  computers  and  networks  for  their  own  purposes.  In  spite  of  all  the  growth  and  advance¬ 
ment  we  have  seen,  the  global  strategic  environment  is  increasingly  defined  by  uncertainty. 

Confronting  uncertainty  demands  increased  agility,  and  agility  can  be  enhanced  by  unlocking 
the  power  of  information  -  making  it  visible,  understandable,  shared,  and,  above  aU,  trusted. 
The  security  of  our  nation  rests  on  being  able  to  share  information  in  an  environment  free  from 
unnecessary  limitations  and  constraints.  In  the  past,  we  moved  and  shared  information  inside 
our  agencies  and  departments  or  between  them,  but  only  if  our  specific  needs  were  known.  The 
interface  for  moving  information  had  to  be  engineered  ahead  of  time  and  the  determination 
that  someone  might  want  or  need  the  information  had  to  be  made  well  in  advance.  It  was  very 
difficult  to  share  information  on  an  ad-hoc  basis. 

Today,  we  produce  data  that  is  timely  and  useful  to  others,  but  predetermined  formats  must 
be  used.  Information  can  be  made  accessible  and  secure,  but  only  if  we  stay  within  departmen¬ 
tal  boundaries  and  systems.  Today,  information  collection  and  analysis  is  ready  for  posting,  but 
only  if  you  know  where  to  find  it.  What  if  we  could  remove  those  obstacles  and  migrate  to  a 
completely  net-centric  information  environment?  What  if  we  could  shift  from  a  culture  of 
hoarding  data  to  a  culture  that  readily  shares  it?  Imagine  how  much  more  effective  we  would  be. 

To  transition  to  a  sharing  culture,  national  and  Department  of  Defense  (DoD)  information 
sharing  strategies  and  plans  have  been  put  in  place  to  ensure  interagency  sharing  of  informa¬ 
tion.  Within  the  DoD,  our  key  goals  have  been  to  build  the  Net,  populate  the  Net,  operate  the 
Net,  and  protect  the  Net  across  the  enterprise. 

I  cannot  overemphasize  how  vital  information  sharing  is  to  our  national  leadership  under  all 
conditions.  Network  cyber-security  and  infrastructure  are  critical  to  our  national  economy  and 
security.  From  the  President  to  the  warfighter,  leading-edge  information  technology  has  made  it 
possible  for  users  to  say,  “I  can  get  the  information  I  need  to  perform  my  mission,”  and  that  is 
net-centric  transformation. 

We  have  to  remember  that  we  are  stewards  of  government  information  —  we  don’t  own  it  — 
and  we  have  a  responsibility  to  share  it. 


Sponsor 


July  2008 


www.stsc.hill.af.mil  3 


Information  Assurance 


An  Introduction  to  the  Deputy  Assistant  Secretary  of 
Defense  for  Information  and  Identity  Assurance 


Robert  Lentz 

Deputy  Assistant  Secretary  of  Defense  for  Information  and  Identity  Assurance 

Trusted  information,  anytime,  anywhere  is  the  vision  of  the  year-old  Office  of  the  Deputy  Assistant  Secretary  of  Defense 
for  Information  and  Identity  Assurance  (DASD[IIAJ).  Evety  functional,  operational,  domain,  and  institutional-based 
joint  capability  of  the  Department  of  Defense  (DoD)  is  information  dependent  and  relies  on  trusted  information  to  func¬ 
tion  effectively.  The  DoD  faces  daily  attacks  on  its  networks  and  systems,  ranging  from  curious  kids  to  much  more 
advanced,  organi-yed  campaigns.  The  DASD(11A)  team  is  providing  a  defense-in-breadth  approach  to  protect  our  systems, 
networks,  and  information. 


Defense  transformation  hinges  on 
the  recognition  that  information  is 
a  key  strategic  resource  within  the  DoD 
and  across  government  agencies.  This 
information  is  a  critical  component  of 
situational  awareness,  allowing  decision 
makers  at  all  levels  to  quickly  turn  infor¬ 
mation  into  decisions  and,  ultimately, 
into  actions.  Ensuring  timely  and  trust¬ 
ed  information  is  available  wherever, 
whenever,  and  to  those  who  need  it 
most  is  at  the  heart  of  net-centricity. 
Net-centricity  ensures  that  authorized 
users  at  any  level  can  take  what  they 
need  and  contribute  what  they  know. 

The  benefits  of  net-centricity 
unquestionably  rely  on  one  fundamen¬ 
tal  prerequisite:  identity  assurance. 
Users  must  have  confidence  that  infor¬ 
mation  has  integrity  —  it  has  not  been 
tampered  with;  authenticity  —  it  is  from 
a  trusted  source;  and  availability  —  it  will 
be  accessible  when  needed,  even  in  the 
face  of  attack.  Threats  to  our  informa¬ 
tion  are  real,  multi-faceted,  sophisticat¬ 
ed,  and  growing  in  number  and  effec¬ 
tiveness.  Additionally,  the  DoD’s  mis¬ 
sions  are  increasingly  dependent  on  the 
information  technology  (IT)  underpin¬ 
nings  provided  by  the  Global 
Information  Grid  (GIG).  The  GIG’s 
resiliency  and  continuity  of  mission- 
essential  functions  is  a  priority  as 
sophisticated  adversaries  improve 
knowledge  of  our  capabilities. 
Moreover,  as  the  business  and  opera¬ 
tional  environments  in  which  we  oper¬ 
ate  continue  to  change  almost  daily,  we 
can  neither  predict  when  nor  how 
today’s  technologies  will  be  overtaken 
by  more  advanced  technologies,  nor 
can  we  predict  how  events  around  the 
world  will  affect  future  requirements 
and  what  the  costs  will  be  to  protect 
our  assets.  The  Information  Assurance 
(lA)  community’s  challenge  is  to  ad¬ 
dress  today’s  challenges  while  develop¬ 


ing  new  and  innovative  capabilities  to 
avert  and  mitigate  tomorrow’s  threats 
and  the  impact  of  yet-unknown  exter¬ 
nal  factors. 

Recognizing  the  importance  of  a 
secure,  trusted  network,  the  Honorable 
John  J.  Grimes,  Assistant  Secretary  of 


as  the  business  and 
operational  environments 
in  which  we 
operate  continue 
to  change  almost  doily, 
we  can  neither 
predict  when  nor  how 
today's  technologies 
will  be  overtaken  by 
more  advanced 
technologies  .J* 

Defense  for  Networks  and  Information 
Integration/DoD  Chief  Information 
Officer  (ASD[NII]/DoD  CIO),  recent¬ 
ly  created  the  Office  of  the 
DASD(IIA).  The  office  was  created 
from  the  lA  Directorate;  formally  part 
of  the  deputy  CIO’s  office,  and  elevat¬ 
ed  the  oversight  of  lA  throughout  the 
DoD  from  a  director-level  position  to 
the  level  of  a  deputy  assistant  secretary. 

The  new  office  is  organized  around 
the  following  directorates: 

•  The  lA  Policy  and  Strategy 
Directorate,  responsible  for  provid¬ 


ing  lA  policy  and  strategic  direction 
to  enable  capabilities  required  to 
deliver  lA  throughout  the  DoD.  To 
include  devising  and  advancing  lA 
strategic  initiatives,  enabling  assured 
net-centric  operations,  developing 
domestic  and  coalition  cyber  part¬ 
nerships,  and  influencing  secure  and 
resilient  network  architectures. 

•  The  Defense-wide  lA  Program 
(DIAP)  Directorate,  responsible  for 
ensuring  the  DoD’s  vital  informa¬ 
tion  resources  are  secured  and  pro¬ 
tected  through  lA  compliance  by 
applying  a  defense-in-breadth  meth¬ 
odology  that  integrates  the  capabili¬ 
ties  of  people,  operations,  and  tech¬ 
nology  to  establish  multilayer,  multi¬ 
dimensional  protection. 

•  The  Identity  Assurance/Public  Key 
Infrastructure  Directorate,  responsi¬ 
ble  for  providing  DoD-level  direc¬ 
tion  and  guidance  for  enterprise¬ 
wide  identity  services  that  ensure 
the  availability  of  an  operational 
identity  management  infrastructure 
consistent  with  the  architectural 
constructs  established  in  the  GIG. 

•  The  Globalization  Task  Force, 
responsible  for  developing  and 
overseeing  implementation  of  a 
strategy  for  mitigating  national  secu¬ 
rity  risks  arising  from  the  increasing 
globalization  of  the  information 
and  communications  technologies 
infrastructure  consistent  with  the 
objectives  of  ASD(NII)/DoD  CIO 
and  national  policy. 

•  The  Defense  Industrial  Base  Cyber 
Security  Task  Force,  responsible  for 
securing  critical  DoD  programs  and 
technology  by  protecting  DoD  con¬ 
trolled  unclassified  information  res¬ 
ident  on  defense  industrial  base  net¬ 
works  through  the  development, 
implementation,  and  execution  of 
DoD  policy,  resources,  structure. 
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and  processes  in  collaboration  with 
DoD  components,  industry,  and 
other  federal  government  depart¬ 
ments,  collectively  known  as  the 
interagency. 

•  A  DoD  senior  lA  engineer  and  chief 
technology  officer  to  provide  advice 
on  lA  engineering  programs  and 
projects  and  emerging  technical 
challenges,  planning  and  execution 
of  the  GIG  lA  Portfolio  Manage¬ 
ment  Office  (GIAP)  and  enterprise¬ 
wide  systems  engineering  efforts. 

In  addition  to  the  these  directorates, 
the  office  is  tasked  with  management 
oversight  for  the  GIAP  and  tasked  with 
analyzing,  selecting,  controlling,  and 
evaluating  critical  lA  capabilities  and 
associated  investments  to  enable  infor¬ 
mation  superiority  to  deliver  the  best 
mix  of  lA  capabilities,  ensuring  cyber¬ 
space  dominance  across  the  full  range 
of  military  operations.  The  Unified 
Cross  Domain  Management  Office  is 
tasked  with  providing  centralized  direc¬ 
tion,  coordination,  and  oversight  for  all 
cross  domain  activities  and  investments 
within  the  DoD. 

lA  within  the  DoD  previously  relied 
on  a  defense-in-depth  approach  to  assuring 
information  based  largely  upon  fire¬ 
walls  and  software  patches;  the  focus 
was  on  attempting  to  keep  intruders  out 
and  data  safe.  As  approaches  to  lA  have 
evolved,  the  DoD  is  moving  towards  a 
defense-in-breadth  approach,  integrating 
capabilities  of  people,  operations,  and 
technology  to  establish  a  multi-layer, 
multi-dimensional  protection  that  will 
assure  our  information  warfare  capabil¬ 
ities  and  information-critical  compo¬ 
nents  are  trusted  throughout  their  life¬ 
span  to  achieve  decision/ mission  supe¬ 
riority. 

This  defense-in-breadth  approach 
will  be  highlighted  in  a  rewrite  of  the 
DoD  lA  Strategic  Plan  (SP)  to  be  com¬ 
pleted  this  year.  The  original  DoD  lA 
SP  provided  a  shared  vision,  goals, 
objectives,  and  a  consistent,  enterprise¬ 
wide  approach  for  securing  the  GIG 
since  its  release  in  January  2004.  As 
stated  in  the  first  version  of  the  DoD 
lA  SP,  it  is  a  living  document  and  we  are 
committed  to  updating  it  to  keep  it  vital 
and  to  accurately  reflect  the  major  I A 
issues  confronting  the  DoD.  As  such, 
an  updated  version  of  the  DoD  lA  SP 
was  signed  by  the  ASD(NII)/DoD 
CIO  in  March  2008'.  The  revised  plan 
reaffirms  the  vision  and  goals  intro¬ 
duced  in  2004  for  assuring  information 
and  updates  relevant  objectives  and  the 
actions  critical  to  securing  the  net-cen¬ 


tric  GIG  and  achieving  our  long-term 
vision:  delivering  the  power  of  infor¬ 
mation:  access  —  share  —  collaborate. 
The  following  five  goals  introduced  in 
2004  remain  in  the  2008  interim  version 
and  continue  to  be  the  cornerstone  of 
the  DoD  lA  SP: 

•  Goal  1:  Protect  information  to 
achieve  assured  information 
sharing.  Achieving  this  goal  of 
trusted  data  anywhere  on  the  Net 
requires  partnerships  and  combined 
efforts  with  other  components  of 
the  security  community  (i.e.,  physi¬ 
cal  security,  personnel  security,  and 
critical  infrastructure  protection)  in 
order  to  provide  an  integrated  sys¬ 
tems  security  posture. 

•  Goal  2:  Defend  systems  and  net¬ 
works.  The  points  of  focus  for  this 
goal  are  the  Computer  Network 
Defense  protection,  detection,  and 

**The  planned  revision 
to  the  Strategic  Plan 
will  place  significant 
emphasis  on 
operationalizing  full 
life-cycle  security, 
or  defense-in-breadth, 
and  will  refiect  the 
strategic  priorities 
of  the  DoD  ... 

reaction  mechanisms  for  DoD  sys¬ 
tems  and  networks  and  adaptive 
configuration  management,  a  critical 
capability  that  includes  both  active 
and  passive  defenses  necessary  to 
correctly  respond  to  legitimate  but 
changing  demands  while  simultane¬ 
ously  defending  against  adversary- 
induced  threats. 

•  Goal  3:  Align  GIG  mission  assur¬ 
ance  through  integrated  lA  situa¬ 
tional  awareness  and  lA  com¬ 
mand  and  control.  The  complex 
and  interdependent  nature  of  our 
information  networks  and  the 
demands  of  net-centric  warfare 
require  shared  awareness  and  under¬ 
standing  across  the  enterprise  to 
enable  effective  command  and  con¬ 
trol.  Combatant  commanders 


require  sufficient  visibility  into  their 
network  operations,  including  the 
threats  to  these  networks  and  the  lA 
capabilities  applied  to  protect, 
defend,  and  respond  to  them. 

•  Goal  4:  Transform  and  enable  lA 
capabilities.  Transforming  lA 
capabilities  depends  heavily  on  the 
ability  to  influence  the  processes  the 
DoD  uses  to  create,  assess,  test,  and 
implement  new  ideas.  Developing 
new  approaches  to  problem  solving 
depends  on  the  synergy  between 
each  process  as  an  idea  progresses 
from  concept  to  reality.  The  focus 
of  this  goal  is  to  influence  the  devel¬ 
opment  of  three  key  processes 
(acquisition,  planning,  and  innova¬ 
tion)  to  further  the  lA  mission  and 
support  the  transformation  of  the 
force. 

•  Goal  5:  Create  an  lA-empowered 
workforce.  This  goal  addresses  I A 
awareness,  technical  training,  and 
security  management.  lA  awareness 
is  targeted  to  all  DoD  employees, 
from  entry-level  to  senior  executive 
service  to  flag  officer.  Technical 
training  and  education  focuses  on 
system  and  network  administrators 
and  personnel  performing  mainte¬ 
nance  functions  on  DoD  worksta¬ 
tions,  systems,  and  networks  as  well 
as  lA  officers,  lA  managers,  desig¬ 
nated  approving  authorities,  and 
their  lA  staffs. 

The  planned  revision  to  the  SP  will 
place  significant  emphasis  on  opera¬ 
tionalizing  full  life-cycle  security,  or 
defense-in-breadth,  and  will  reflect  the 
strategic  priorities  of  the  DoD  outlined 
in  the  Quadrennial  Defense  Review 
and  the  CIO’s  SP.  Additionally,  it  will 
call  out  lA  as  the  bedrock  underpinning 
the  GIG  and  place  more  emphasis  on 
achieving  mission  assurance  by  expand¬ 
ing  the  scope  of  our  third  goal:  to 
leverage  all  elements  of  information 
warfare  and  operationalizing  the 
defense-in-breadth  approach. 

The  DoD  has  realized  several  signif¬ 
icant  accomplishments  across  each  of 
the  five  goals  to  effectively  increase  its 
security  posture;  however,  while 
tremendous  progress  has  been  made  in 
validating  requirements,  defining  an 
architectural  road  map,  operationalizing 
policies  and  transformative  processes, 
and  developing  and  deploying  innova¬ 
tive  technical  solutions  to  the  warfight¬ 
ers  and  business  communities,  our 
future  success  will  require  a  continued 
focus  on  the  operational  aspects  of  lA, 
fusing  people,  processes,  and  technolo- 
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gies  to  combat  current  and  future 
threats  in  real-world  operational  envi¬ 
ronments.  This  includes  a  fusion  with 
the  IC. 

A  significant  accomplishment  of  the 
new  DASD  has  been  the  publication  of 
DoD  lA  Certification  and  Accredi¬ 
tation  Process  (DIACAP)^,  which 
replaces  the  interim  DIACAP  instruc¬ 
tion  released  in  July  2006.  The  DIA¬ 
CAP  instruction  articulates  policy  and 
establishes  the  process  for  conducting 
lA  certification  and  accreditation 
(C&A)  of  DoD  information  systems. 
Replacing  the  DoD  IT  security  certifi¬ 
cation  and  accreditation  process,  the 
DIACAP  supports  the  evolution  to  a 
net-centric  GIG  through  a  dynamic  lA 
C&A  process  that  provides  visibility 
and  control  of  lA  capabilities  and  ser¬ 
vices,  including  core  enterprise  services 
and  Web-enabled  systems  and  applica¬ 
tions. 

Under  the  DIACAP,  all  DoD- 
owned  information  systems  and  DoD 
controlled  information  systems  operat¬ 
ed  by  a  contractor  or  other  entity  on 


behalf  of  the  DoD  will  be  certified  and 
accredited  through  a  standardized 
enterprise  process  for  identifying, 
implementing,  and  managing  lA  capa¬ 
bilities  and  services.  Through  this 
enterprise  process,  the  DIACAP  sup¬ 
ports  the  transition  of  DoD  informa¬ 
tion  systems  to  GIG  standards  and  a 
net-centric  environment  while  enabling 
assured  information  sharing. 

Crosstalk  has  been  gracious 
enough  to  devote  this  issue  to  DoD  lA 
issues.  We  hope  you  find  them  informa¬ 
tive,  thought-provoking,  and  helpful 
towards  understanding  the  roles,  mis¬ 
sions,  and  challenges  that  face  the  DoD 
today  and  in  the  future. ♦ 

Notes 

1.  Available  online  at  the  DoD  lA 
Portal,  Common  Access  Card  re¬ 
quired  <https://www.us.army.mil/ 
suite/ portal/index. jsp>. 

2.  DoD  Instruction  8510.01.  28  Nov. 
2007  <www.dtic.mil/whs/directives/ 
corres/pdf/ 851001p.pdf>. 
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CNSS:  Interagency  Partnering  to  Protect  Our 
National  Security  Systems 


The  Honorable  John  G.  Grimes 
Department  of  Defense  Chief  Information  Officer 

The  CNSS  performs  the  vital  function  of  mohilirfng  the  full,  interageng  National  Security  Community  for  the  protection 
of  telecommunications  and  information  systems  that  support  U.S.  national  security.  This  article  describes  recent  strategic 
accomplishments  of  the  CNSS  and  individual federal  departments  and  agencies  along  with  priorities  for  2008. 


The  United  States  faces  increasing 
threats  in  the  homeland  security,  cyber 
security  and  information  sharing  environ¬ 
ments,  and  the  need  for  increased  cooper¬ 
ation  among  key  members  of  govern¬ 
ment,  industry,  academia,  the  private  sec¬ 
tor,  and  allied  nations  has  never  been 
greater.  CNSS  provides  an  interagency 
forum  for  addressing  lA  policy  issues 
impacting  critical  NSS.  Through  its  mem¬ 
bership  and  partnerships  (a  total  of  21 
members  and  10  observers  from  the  exec¬ 
utive  branch  of  the  U.S.  government)  the 
CNSS  has  a  history  of  addressing  vulner¬ 
abilities  that  have  the  potential  to  impact 
the  national  security  community’s  ability 
to  safeguard  key  systems.  In  2007,  the 
CNSS  made  significant  contributions  to 
federal,  state,  local,  and  coalition  security 
efforts  across  the  following  five  areas: 

I.  Assured  Information 
Sharing  (AIS) 

AIS  is  fundamental  to  the  integrity  of  our 
data  and  systems,  and  is  essential  to  the 
nation’s  well-being  and  defense.  The 
CNSS  is  actively  engaged  in  making  signif¬ 
icant  improvements  across  these  areas. 
The  UCDMO  —  a  joint  effort  between  the 
DoD  and  the  DNI  —  has  put  out  a  unified 
technology  road  map  to  expedite  the  use 
of  information  sharing  solutions  between 
classification  domains.  The  CNSS  will 
extend  the  UCDMO’s  progress  to  other 
federal  departments  and  agencies  and 
improve  information  sharing  among  gov¬ 
ernment  departments  and  agencies.  One 
of  the  key  tools  that  revolutionized  com¬ 
munications  in  recent  years  has  been  wire¬ 
less  devices  such  as  PDAs  and  Blackberries. 
The  emergence  of  the  Secure  Mobile 
Environment  Portable  Electronic  Device 
-  with  e-mail  and  Web  browsing  capabili¬ 
ties  up  to  the  Secret  level  and  voice  capa¬ 
bilities  up  to  Top  Secret  -  is  taking  wire¬ 
less  to  the  next  level.  It  will  provide  the 
homeland  and  national  security  communi¬ 
ties  with  secure  communications  whenev¬ 
er  and  wherever  they  are  needed.  Another 
area  the  CNSS  has  emphasized  is  the  use 


of  data  at  rest  encryption  to  protect  sensi¬ 
tive  unclassified  data  stored  on  removable 
media  and  mobile  computing  devices  like 
laptops.  Communication  and  information 
exchange  between  the  U.S.  and  our  allies 
in  the  global  war  on  terror  has  been  an 
area  where  the  CNSS  has  been  actively 
engaged.  In  2007,  the  CNSS  approved 
more  than  60  transfers  of  critical  products 
to  improve  information  sharing.  For  2008, 
CNSS  priorities  for  AIS  will  highlight  the 
need  for  developing  and  deploying  more 

'V\ccess  control  based 
on  standard  user 
characteristics  (like 
the  user's  organization 
or  role)  increases 
both  speed  and 
security  when  it 
comes  to  information 
sharing. 

tools,  technologies,  and  products  that  will 
ensure  the  national  security  community 
has  secure,  reliable  access  to  information 
whenever  and  wherever  it  is  needed. 

2.  Managing  Risk 

Assessing  and  managing  risk  is  essential  to 
safeguarding  NSS,  and  we  have  a  solid 
strategy  to  counter  the  threats  posed  by 
those  who  attempt  to  exploit  vulnerabili¬ 
ties  in  the  hardware  and  software  we  rely 
on.  The  CNSS  is  championing  a  common 
risk  assessment  methodology  and  a  com¬ 
mon  C&A  process  across  the  govern¬ 
ment.  These  changes  will  help  identify 
vulnerabilities,  determine  acceptable  risk 
levels,  and  increase  trust  among  system 
owners.  The  use  of  common  approaches 
will  improve  capabilities,  reduce  costs,  and 


increase  interoperability.  For  the  coming 
year  our  priorities  for  managing  risk 
include  establishing  common  approaches 
for  C&A,  risk  assessment,  and  managing 
supply  chain  risk. 

3.  Identity  Assurance 

The  majority  of  successful  network  pene¬ 
trations  today  are  due  to  failures  in  identi¬ 
ty  assurance  where  a  compromised  pass¬ 
word  and  user  ID  have  been  used  to  gain 
unauthorized  access.  Establishing  strong 
identification  and  authentication  tech¬ 
niques  for  people  and  devices  are  central 
to  any  security  effort,  and  that  makes 
assurance  critical.  Access  control  based  on 
standard  user  characteristics  (such  as  the 
user’s  organization  or  role)  increases  both 
speed  and  security  when  it  comes  to  infor¬ 
mation  sharing.  Members  of  the  CNSS 
are  working  to  promote  the  use  of  identi¬ 
ty  assurance  technologies  such  as  smart 
cards,  tokens,  biometrics,  and  public  key 
technologies.  Identity  assurance  priorities 
include  expanding  the  public  key  infra¬ 
structure  to  additional  communities  of 
interest  and  leveraging  other  promising 
technologies  such  as  biometrics. 

4.  Network  Resilience  for 

Mission  Assurance 

The  global  information  infrastructure 
supporting  the  President,  our  military 
commanders,  and  homeland  security  lead¬ 
ers  must  be  reliable  and  resilient  even  in 
the  face  of  attacks.  National  security  rests 
on  having  the  confidence  that  these  criti¬ 
cal  functions  will  be  accessible  during  dis¬ 
rupted  and  distressed  conditions.  By 
working  with  private  sector  and  allied 
partners,  we  ensure  critical  capabilities  and 
missions  remain  operational. 

CNSS  Policy  No.  12,  issued  in  March 
2007,  emphasized  integrating  lA  into  the 
life-cycle  of  space  systems  that  collect, 
generate,  process,  store,  display,  or  trans¬ 
mit  national  security  information.  This 
was  a  huge  step  forward  and  had  a  dra¬ 
matic  impact  on  the  commercial  satellite 
assets  so  critical  to  keeping  our  networks 
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resilient.  Additional  ptiotioes  for  2008 
include  national-level  exercises  to  enhance 
responses  to  serious  cyber-degradation  by 
critical  infrastructure  owners/ operators, 
accelerating  next-generation  security  man¬ 
agement  infrastructure  development, 
security  capabilities  supporting  global 
information  sharing,  and  increasing  the 
focus  on  continuity  of  operations  and 
reconstitution. 

5.  Building  and  Sustaining  the 
lAWork  Force 

People  are  the  most  critical  element  in 
securing  national  security  systems.  They 
operate  the  technology,  implement  the 
procedures,  execute  the  policies,  and  make 
the  decisions  that  impact  everything  the 
CNSS  touches.  The  lA  professionals  who 
build,  maintain,  and  defend  our  critical 
networks  deserve  the  best  education  and 
training  possible,  and  the  CNSS  has  estab¬ 
lished  strict  standards  for  national  lA 
training  and  education  to  support  them. 
These  standards  have  been  incorporated 
into  the  training  curriculum  at  more  than 
160  institutions  in  government,  academia, 
and  the  private  sector.  In  2007,  more  than 
80  centers  of  academic  excellence  across 
34  states  and  the  District  of  Columbia 
provided  college  students  with  high-level 
lA  education,  along  with  the  opportunity 
to  earn  federal  scholarships.  Many  schol¬ 
arship  students  are  now  working  for  the 
federal  government  where  their  lA  exper¬ 
tise  is  contributing  to  the  security  of  our 
national  information  infrastructure.  CNSS 
priorities  for  2008  include  improving  lA 
education  nationwide  and  working  more 
closely  with  private  sector  training  and 
certification  vendors  to  infuse  standards 
into  their  certification  programs. 

As  the  CNSS  Chair,  I  am  proud  to  say 
it  continues  to  be  an  invaluable  intera¬ 
gency  forum  for  engaging  the  national 
security  community  on  long-term,  inte¬ 
grated  solutions  so  vital  to  protecting  the 
global  information  infrastructure.  CNSS 
priorities  for  2008  support  the  President’s 
national  cyber-security  initiative,  and  focus 
on  increasing  the  level  of  trust  in  NSSs, 
protecting  them  from  our  adversaries  and 
making  certain  that  mission-essential 
functions  can  be  performed  in  an  increas¬ 
ingly  hostile  cyber-environment.  The 
complex  challenges  and  emerging  issues 
brought  to  the  forefront  by  this  invaluable 
group  not  only  delivered  benefits  for 
national  security,  they  also  created  a  ripple 
effect  that  touches  countless  other  func¬ 
tional  areas  and  communities.^ 
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Making  GIG  Information  Assurance 
Better  Through  Portfolio  Management 


Thomas  E.  Anderson 
GIG  Information  Assurance  Porifolio  Management  Office 

Within  the  federal  government,  IT  porfolio  management  (PfM)  emerged  as  a  fundamental  business  imperative  driven 
by  legislation  such  as  the  Clinger  Cohen  Act  (CCA)  [1]  of  1996,  which  called  for  greater  accountability  for  perfor¬ 
mance  and  expenditures.  In  addition  to  providing  guidance  to  the  federal  government  on  how  to  improve  the  manage¬ 
ment  and  allocation  of  its  investments,  CCA  also  changed  the  organisational  structure  and  behavior  of  the  govern¬ 
ment,  vesting  more  power  in  its  CIOs.  This  article  provides  insight  into  how  the  DoD  CIO  has  approached  PfM  for 
I  A  within  the  GIG. 


In  October  2005,  the  Deputy  Secretary 
of  Defense  signed  out  DoD  Directive 
(DoDD)  8115.01,  “Information  Technol¬ 
ogy  Portfolio  Management”  [2],  which 
established  policy  and  assigned  responsi¬ 
bilities  for  the  management  of  DoD  IT 
investments  as  portfolios  that  focus  on 
improving  DoD  capabilities  and  mission 
outcomes.  Under  the  directive,  the 
responsibility  of  establishing  guidance  for 
managing  portfolios  was  placed  with  the 
ASD[NII]/DoD  CIO.  Individual  portfo¬ 
lios  manage  their  investments  using  strate¬ 
gic  plans,  GIG  architecture,  risk  manage¬ 
ment  techniques,  and  capability  goals, 
objectives,  and  performance  measures. 

As  the  benefits  of  PfM  have  become 
more  widely  recognized,  the  DoD  is  mov¬ 
ing  toward  the  management  of  all  invest¬ 
ments  (not  just  IT)  as  portfolios.  The  2005 
Quadrennial  Defense  Review  initiated  a 
process  that  has  piloted  Capability 
Portfolio  Management  (CPM)  and  speci¬ 
fied  a  structure  whereby  capabilities  will 
be  managed  in  a  series  of  portfolios.  The 
DoD  is  preparing  to  issue  an  overarching 
policy  to  formalize  a  comprehensive  DoD 
CPM  framework  based  on  the  Joint 
Capability  Area  taxonomy.  To  avoid  the 
confusion  of  having  two  portfolio 
processes  within  the  DoD,  the  DoDD 
8115.01,  “Information  Technology  PfM,” 
will  be  canceled  when  the  new  CPM  poli¬ 
cy  is  issued.  The  policies  currently  con¬ 
tained  in  DoD  Instruction  8115.02, 
“Information  Technology  PfM  Imple¬ 
mentation,”  will  be  updated  to  support  the 
CPM  framework  and  fully  merge  portfolio 
governance  structures. 

Under  this  new  framework,  capability 
portfolio  managers  will  make  recommen¬ 
dations  to  the  Deputy  Secretary  of 
Defense  and  the  Deputy’s  Advisory 
Working  Group  on  capability  develop¬ 
ment  issues  within  their  respective  portfo¬ 
lios.  They  have  no  independent  decision¬ 
making  authority  and  will  not  infringe  on 
any  existing  statutory  authorities.  For 
instance,  the  DoD  CIO’s  statutory  and 


regulatory  responsibilities  to  manage  and 
oversee  IT  resources  remain  unchanged; 
however,  they  will  now  be  executed 
through  this  more  holistic  portfolio  struc- 
mre.  In  essence,  capability  portfolio  man¬ 
agers  integrate,  coordinate,  and  synchro¬ 
nize  portfolio  content  by  providing  strate¬ 
gic  advice  intended  to  focus  portfolio 
capabilities. 

^^Traditionally  in  both 
the  commercial  sector 
and  the  federal 
government,  PfM 
has  focused  on 
IT-related  investments, 
but  in  an  ideal  world,  the 
portfolio  should  be 
inclusive  of  all 
investments:  people, 
processes,  and 
technology/* 

What  Is  PfM? 

PfM  is  the  management  of  selected 
groupings  of  investments  through  inte¬ 
grated  strategic  planning,  architecture, 
measures  of  performance,  risk-manage¬ 
ment  techniques,  and  transition  plans. 
Traditionally  in  both  the  commercial  sec¬ 
tor  and  the  federal  government,  PfM  has 
focused  on  IT-related  investments,  but  in 
an  ideal  world,  the  portfolio  should  be 
inclusive  of  all  investments:  people, 
processes,  and  technology.  In  the  simplest 
and  most  practical  terms,  PfM  focuses  on 


five  key  objectives: 

1.  Define  goals  and  objectives.  Clearly 
articulate  what  the  portfolio  is  expected 
to  achieve.  What  is  the  mission  of  the 
organization  and  how  does  it  support 
and  achieve  that  mission? 

2.  Understand,  accept,  and  make 
trade-offs.  Determine  what  to  invest  in 
and  how  much  to  invest.  Which  initia¬ 
tives  contribute  the  most  to  the  mis¬ 
sion? 

3.  Identify,  eliminate,  minimize,  and 
diversify  risk.  Select  a  mix  of  invest¬ 
ments  that  win  avoid  undue  risk,  will 
not  exceed  acceptable  risk  tolerance 
levels,  and  will  spread  risks  across  pro¬ 
jects  and  initiatives  to  minimize  adverse 
impacts.  When  and  how  do  you  termi¬ 
nate  a  legacy  system?  At  what  point  do 
you  cancel  a  project  that  is  behind 
schedule  and  over  budget? 

4.  Monitor  portfolio  performance. 
Understand  the  progress  your  portfolio 
is  making  towards  achieving  the  goals 
and  objectives  of  your  organization.  As 
a  whole,  is  the  portfolio’s  progress 
meeting  the  mission’s  goals? 

5.  Achieve  a  desired  objective.  Have  the 
confidence  that  the  desired  outcome 
win  likely  be  achieved  given  the  aggre¬ 
gate  of  investments  that  are  made. 
Which  combination  of  investments 
best  supports  the  desired  outcome? 

What  Is  the  GIG? 

Everyone  hears  about  the  GIG,  but  just 
what  is  it?  The  DoD  defines  the  GIG  as 
the  following: 

...  a  globally  interconnected,  end- 
to-end  set  of  information  capabili¬ 
ties,  associated  processes,  and  per¬ 
sonnel  for  collecting,  processing, 
storing,  disseminating,  and  manag¬ 
ing  information. 

The  GIG  win  improve  interoperability 
among  the  DoD’s  many  information  and 
weapon  systems,  but  more  importantly,  it 
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Figure  1:  GIG  lA  Por^olio  Drivers 

will  help  the  DoD  to  transform  to  a  more 
network-based  -  or  net-centric  -  way  of 
fighting  wars  and  achieving  information 
superiority  over  adversaries,  much  the 
same  way  as  the  Internet  has  transformed 
industry  and  society  on  a  global  scale. 

The  GIG  win  create  an  environment 
in  which  users  can  access  data  on  demand 
from  any  location  without  having  to  rely 
on  (and  wait  for)  organizations  in  charge 
of  data  collection  to  fuUy  process  and  dis¬ 
seminate  the  information.  With  its  timeli¬ 
er  data  availability  and  more  robust  com¬ 
munications  infrastructure,  the  DoD 
expects  the  GIG  to  enable  more  expedi¬ 
ent  execution  of  military  operations,  col¬ 
laborative  mission  planning  and  execution, 
and  common  views  of  the  battlespace. 
The  realization  of  the  net-centric  vision 


depends  on  sound  lA  mechanisms  being 
woven  into  the  very  fabric  of  the  GIG. 
Reaching  the  GIG  vision  relies  to  a  great 
extent  upon  each  individual  program 
manager  understanding  and  being  willing 
to  be  guided  by  the  tenets  of  the  GIG. 
Applying  the  tenants  of  PfM,  the  strategy 
for  weaving  lA  into  the  GIG,  consequent¬ 
ly,  has  three  main  prongs: 

1 .  Developing  and  operationalizing  an  lA 
component  of  the  GIG  architecture 
that  provides  the  technical  road  map 
for  protecting  and  defending  the  cur¬ 
rent  and  future  GIG. 

2.  Influencing  program  managers  to 
build  their  systems  so  as  to  be  able  to 
plug  into  relevant  lA  constructs. 

3.  Ensuring  the  DoD  makes  the  proper 
investments  to  provide  the  lA  founda- 


Figure  2:  PJM  Process 


Analysis 

Links  objectives  to  vision, 
goals,  priorities,  and 
capabilities;  develop 
performance  measures:  and 
identify  gaps  and  risks. 


Evaluation 

Measures  actual  contributions 
of  portfolio  towards  improved 
capabilities  and  supports 
adjustments  to  the 
investment  mix. 


Control 

Ensures  investments  within 
portfolios  are  managed  and 

monitored  to  determine 
whether  to  continue,  modify, 
or  terminate. 

i 

Seiection 

Identifies  and  selects  best 
mix  of  investments  to  achieve 
capability  goals  and  objectives 
across  portfolio. 
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tional  technology  upon  which  the  pro¬ 
grams  win  be  relying. 

What  Is  GIAP? 

The  ASD(NII)/DoD  CIO  named  the 
DASD(IIA)  as  the  domain  owner  for  the 
lA  Portfolio  who,  in  turn,  named  the 
Director,  National  Security  Agency 
(DIRNSA)  as  his  domain  agent.  As  the  I A 
domain  agent,  the  DIRNSA  leads  the 
GIAP  management  activities  through  the 
creation  of  the  GIAP  Management 
Office. 

The  GIAP  Management  Office  con¬ 
sists  of  a  GIG  lA  portfolio  manager  and 
staff  of  capability  managers  who  execute 
the  domain  agent  duties  on  behalf  of  the 
DIRNSA.  Though  located  at  the  NSA, 
this  office  performs  a  DoD  community 
service  and  draws  staff  from  across  the 
community.  At  present,  the  GIAP 
Management  Office  workforce  consists  of 
NSA  and  DISA  personnel. 

Key  lA  organizations  have  been 
appointed  as  functional  leads  to  support 
the  lA  domain  agent  in  developing  and 
executing  a  coordinated,  DoD-wide  lA 
portfolio.  The  functional  leads  are: 

•  Architecture  —  NSA  lA  Directorate. 

•  Integration  —  DISA. 

•  Operations  -  Commander,  U.S.  Stra¬ 
tegic  Command. 

•  PfM  —  GIAP  Management  Office. 

So  Why  Have  a  GIAP? 

As  the  domain  owner,  the  DASD(IIA)  has 
directed  the  GIAP  Management  Office  to 
provide  a  collection  of  capabilities  that 
win  achieve  dynamic  lA  in  support  of  net- 
centric  operations.  The  primary  focus  of 
the  GIAP  Management  Office  is  to  do  the 
following: 

•  Recommend  the  best  mix  of  invest¬ 
ments,  and  synchronize  milestones 
and  dependencies  to  achieve  the  GIG 
I A  vision. 

•  Fully  leverage  baseline  resources  from 
research  to  de-commission. 

•  Identify  approaches  to  close  aU  capa¬ 
bility  gaps. 

•  Monitor  execution  of  investment 
strategies. 

•  Measure  outcomes  and  processes  and 
take  corrective  measures  as  necessary. 
The  GIAP  Management  Office  does 

not  manage  the  execution  of  service  and 
agency  lA  programs  as  this  is  the  respon¬ 
sibility  of  the  services  and  agencies  them¬ 
selves.  The  GIAP  Management  Office 
closely  examines  the  programs  to  under¬ 
stand  capabilities  on  which  they  are 
depending  for  their  success.  They  also 
look  at  the  timing  of  the  programs  to 
ensure  they  are  synchronized  logically. 
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The  GIG  lA  portfolio  manager,  in 
concert  with  the  capability  managers  and 
service/agency  representatives,  has  been 
working  hard  to  meet  these  goals.  Figure  1 
depicts  the  many  drivers  of  the  GIAP  in 
its  goal  to  provide  a  collection  of  capabil¬ 
ities  that  will  achieve  dynamic  lA  in  sup¬ 
port  of  net-centric  operations. 

Division  of  the  GIAP  Into 
Capability  Areas 

In  order  to  aid  the  GIAP  manager  in  the 
task  of  delivering  GIG  lA  capabilities  to 
DoD  customers,  the  GIAP  has  been 
divided  into  six  distinct  lA  functional 
areas  under  the  direction  of  four  capabili¬ 
ty  managers.  These  six  lA  functional  areas 
are  aligned  to  do  the  following: 

1.  Provide  the  ability  to  dynamically  and 
securely  share  information  at  multiple 
classification  levels  among  U.S.,  allied, 
and  coalition  forces. 

2.  Protect  all  enterprise  management  and 
control  systems,  and  provide  common 
security  management  infrastructure  to 
support  enterprise  security  functions. 

3.  Provide  assurance  that  information 
does  not  change  (unless  authorized) 
from  production  to  consumption  or 
from  transmission  to  receipt. 

4.  Protect,  monitor,  analyze,  detect,  and 
respond  to  unauthorized  activity  as 
well  as  unintentional,  non-maUdous 
user  errors  within  DoD  information 
systems  and  networks. 

5.  Assure  GIG  computing  and  commu¬ 
nications  resources,  services,  and 
information  are  available  and  accessi¬ 
ble  to  support  net-centric  operations. 

6.  Ensure  information  is  not  made  avail¬ 
able  or  is  not  disclosed  to  unautho¬ 
rized  individuals,  entities,  devices,  or 
processes. 

The  capability  managers  are  responsi¬ 
ble  for  providing  oversight  and  guidance 
to  all  DoD  programs  delivering  capabili¬ 
ties  within  their  functional  area.  They 
work  closely  with  the  services  and  agen¬ 
cies  managing  these  programs,  with  the 
functional  leads,  and  with  each  other.  In 
providing  this  oversight  and  guidance, 
they  follow  the  process  depicted  in 
Figure  2. 

Supporting  the  PfM  process  described 
in  Figure  2,  the  GIAP  has  developed  the 
GIG  I A  Portfolio  Plan  (GIPP)  which  sets 
forth  a  near-term  plan  in  the  context  of  a 
long-term  vision  for  fulfilling  GIG  lA- 
identified  capability  gaps  defined  in  the 
GIG  lA  Initial  Capabilities  Document 
(ICD)  [3].  While  describing  the  long-term 
vision  at  a  high  level,  this  version  of  the 
GIPP  is  particularly  focused  on  present¬ 


ing  a  plan  to  achieve  the  capabilities 
defined  in  the  lA  component  of  the  GIG 
Integrated  Architecture,  Increment  1, 
Version  1.1  [7].  The  GIPP  also  serves  as  a 
guide  for  the  GIAP  in  determining  rec¬ 
ommendations  for  the  best  mix  of  syn¬ 
chronized  investments  over  time,  and 
serves  to  inform  the  community  of  the 
near-term  plan  for  investments  and  the 
expected  availability  of  capabilities.  The 
GIPP  communicates  the  GIAP  path  by 
doing  the  following: 

•  Defining  architecturally  framed  tech¬ 
nology  evolution  strategies. 

•  Providing  practical  details  that 
describe  implementation  progress 
necessary  to  counter  adversaries,  close 


**Beyond  cost,  schedule, 
and  dependencies, 
analyses  will  continue  to 
identify  possible 
duplication  of  effort 
by  one  service  or 
agency  which  could  be 
used  by  all.  Achieving 
the  GIG  vision  ... 
will  not  come  quickly 


gaps  and  vulnerabilities,  and  achieve 
net-centricity. 

•  Identifying  programmatic  dependen¬ 
cies  and  synchronization  markers. 

What  Lies  Ahead 

The  GIAP  Management  Office  has  a 
huge  task  before  it  -  one  that  will  take 
several  years  to  fully  implement.  Since  its 
establishment  in  2006,  the  GIG  lA  PfM 
office’s  near-term  focus  has  been  on  issu¬ 
ing  guidance  to  the  services  and  agencies 
to  help  them  refine  their  Program 
Objective  Memorandum  ’08  and  ’10  sub¬ 
missions,  plan  their  fiscal  year  ’09-13  bud¬ 
get  and,  where  possible,  modify  their  fis¬ 
cal  year  ’07-08  budgets.  Beyond  cost, 
schedule,  and  dependencies,  analyses  will 
continue  to  identify  possible  duplication 
of  effort  by  one  service  or  agency  which 
could  be  used  by  all.  Achieving  the  GIG 
vision  and  associated  lA  architecture  will 
not  come  quickly  and  will  not  be  cheap, 
but  through  PfM  we  can  maximize  our 


investment  by  ensuring  that  scarce  lA 
dollars  are  spent  as  wisely  as  possible.  As 
our  insight  into  ever-changing  adversarial 
threats  deepens,  PfM  gives  us  the  agility 
to  plan,  budget,  and  support  capability 
improvements  necessary  to  sustain  an 
assured  GIG  into  the  future  by  providing 
the  best  lA  to  the  warfighting  and  ICs.^ 
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Information  and  Communications 
Technology  and  the  Global  Marketplace 

The  DoD  Globalization  Task  Force  Staff 

The  gkibal  information  and  communications  technology  (ICT)  marketplace  brings  innumerable  benefits  to  the  USG  and 
DoD.  However,  this  extended  and  often  unknown  supply  chain  has  created  an  environment  where  trustworthiness  in  com¬ 
mercial  ICT  products  is  no  longer  implicit,  requiring  the  USG  to  expand  its  understanding  of  lA.  In  this  new  environment, 
emplqging  comprehensive  protection  mechanisms  requires  consideration  of  both  the  depth  and  breadth  of  the  approach;  that 
is,  risk  and  risk  mitigation  must  be  considered  across  the  entire  lifecycle  of  the  product  or  system,  from  requirements  devel¬ 
opment  to  retirement.  The  DoD  is  working  to  develop  solutions  to  manage  risk  at  the  network,  y  stems,  and  product  level 
Totential  solutions  include  partnership  with  industry  in  supply  chain  oversight  and  standardisation  to  facilitate  keeping 
intruders  and  malware  out  of  USG  and  DoD  networks. 


The  impact  of  the  global  marketplace 
on  USG  lA  activities  and  technology 
acquisitions  is  permanent,  irreversible, 
and  likely  to  have  only  greater  impact 
over  time.  In  order  to  stay  on  the  cutting 
edge  of  technology  development,  the 
USG  and  its  commercial  supplier  base 
must  rely  on  industry  partners  from 
around  the  world.  And,  with  increasing 
frequency,  it  is  foreign  companies  that  are 
providing  the  most  advanced  technology 
solutions.  The  multi-tiered,  global  nature 
of  our  supply  chain  means  that  the  gov¬ 
ernment  has  suppliers  that  it  may  not 
know  and  may  never  see.  With  less 
insight  into  their  security  practices  and 
less  control  over  how  they  conduct  their 
business,  this  global  supply  chain  may 
make  the  USG  more  vulnerable  to  an 
adversary  who  can  use  security  gaps  in 
our  global  supply  chain  against  us. 

Our  traditional  defense  approach, 
defense-in-depth,  as  defined  by  DoDD 
8500. OlE,  focuses  on  the  following: 

...  establishing  an  adequate  lA  pos¬ 
ture  in  a  shared-risk  environment 
that  allows  for  shared  mitigation 
through:  the  integration  of  people, 
technology,  and  operations;  the  lay¬ 
ering  of  lA  solutions  within  and 
among  information  technology 
assets;  and,  the  selection  of  lA 
solutions  based  on  their  relative 
level  of  robusmess.  [1] 

This  approach  implies  a  degree  of  trust¬ 
worthiness  in  commercial  ICT.  However, 
trustworthiness  in  commercial  ICT  prod¬ 
ucts  is  no  longer  implicit.  A  new  defen¬ 
sive  strategy,  defense-in-breadth,  is  necessary 
to  complement  our  traditional  approach 
and  manage  risk  over  the  lifecycle  of  a 
network,  system,  or  product. 

The  comforting  assumptions  the 
DoD  and  the  broader  USG  have  had 
about  their  suppliers  are  no  longer  true  — 


especially  in  the  ICT  industry.  No  indus¬ 
try  has  been  more  transformed  by  global¬ 
ization  than  the  ICT  industry.  Today,  ICT 
—  including  micro-electronics  [2]  and 
software  [3]  -  is  being  developed  around 
the  world.  Companies  may  be  headquar¬ 
tered  in  the  United  States  but  perform 
much  of  their  research  and  development, 
manufacturing,  and  servicing  in  China, 


...  with  a  much  more 
transitory,  global,  and 
permeable  supply  chain, 
trustworthiness  in  our 
ICT  is  no  longer  a 
guarantee  -  even 
from  our  American 
companies/* 


India,  or  numerous  other  countries.  In 
addition,  these  companies  contract  out 
work  to  multiple  subcontractors  whose 
processes  and  practices  are  often 
unknown.  Even  for  the  decreasing  num¬ 
ber  of  ICT  firms  that  are  largely  based  in 
the  United  States,  much  of  their  talent 
may  come  from  abroad. 

This  picture  of  a  truly  international 
industry  contrasts  sharply  with  the  sup¬ 
plier  base  that  the  DoD  and  other  USG 
agencies  dealt  with  in  the  past.  They  were 
able  to  count  on  companies  here  in  the 
United  States  with  domestic  research, 
manufacturing  facilities,  and  American 
employees.  Moreover,  the  government 
could  be  confident  that  these  all-American 
companies  were  developing  the  cutting- 
edge  technologies  that  underlay  so  much 


of  American  strategic  dominance.  These 
were  firms  whose  products  they  could 
trust.  However,  with  a  much  more  transi¬ 
tory,  global,  and  permeable  supply  chain, 
trustworthiness  in  our  ICT  is  no  longer  a 
guarantee  —  even  from  our  American 
companies. 

There  is  no  way  to  go  back  to  a  sup¬ 
plier  base  of  all-American  companies. 
While  some  departments  do,  for  extraor¬ 
dinary  reasons,  build  proprietary  technol¬ 
ogy  for  government  use  using  a  cleared 
facility  and  cleared  personnel,  this 
approach  is  neither  ideal  nor  financially 
feasible  on  a  large  scale  for  the  bulk  of  the 
purposes  for  which  ICT  is  intended. 
Business  practices  and  the  worldwide 
development  of  technology  make  the  old 
ways  impossible. 

First,  globalization  optimizes  resource 
use  and  improves  the  efficiency  of  pro¬ 
duction  and  distribution.  Now,  a  team  of 
developers  in  California  can  stop  work 
and  hand  off  their  project  to  a  team  in 
Europe,  which  can,  in  turn,  hand  off  to  a 
team  in  Asia  —  making  for  a  24-hour 
development  day.  Moreover,  those  foreign 
developers  are  highly  competent,  are  able 
to  provide  insight  into  the  requirements  of 
foreign  markets,  and  can  produce  a  com¬ 
petitive  advantage  in  the  US.  market. 

Also,  the  supply  chain  itself  compli¬ 
cates  the  USG’s  ability  to  ensure  the  trust¬ 
worthiness  of  products  purchased  from 
the  global  marketplace.  Lean  manufactur¬ 
ing  processes  and  just-in-time  operations 
exacerbate  the  lack  of  control,  limit  trans¬ 
parency,  and  inhibit  the  ability  to  inject 
security  into  the  process.  In  a  highly  com¬ 
petitive  environment,  security  testing  may 
be  minimized  because  the  cost  and  time 
required  are  hard  to  absorb. 

The  national  security  concern  regard¬ 
ing  the  global  marketplace  is  that  software 
or  microelectronic  circuitry  may  include 
deliberately  inserted  malicious  logic  —  mal¬ 
ware  —  that  an  adversary  might  slip  into  a 
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computer  system  to  steal  or  corrupt  data 
or  disrupt  the  system.  The  malware  might 
act  immediately  or  it  may  be  designed  to 
He  dormant  until  activated  by  some  future 
signal.  Buried  in  the  millions  of  lines  of 
code  that  comprise  the  modern  computer 
application,  such  malware  is  difficult  to 
detect  even  with  desktop-level  malware 
applications  such  as  Symantec:  no  one 
may  be  aware  of  its  existence  until  after 
the  damage  is  done. 

For  example,  it  was  reported  in 
Britain’s  Channel  Register  in  November, 
2007  [4]  that  hard-disk  drives  built  for  a 
U.S.  data  storage  company  by  a  Chinese 
subcontractor  were  infected  with  a  Trojan 
horse  virus  named  AutoRun-AH,  which 
searches  for  passwords  to  online  games 
and  sends  them  to  a  server  located  in 
China.  Although  the  company  acted 
promptly  upon  the  discovery  of  the  mal¬ 
ware,  some  units  were  sold  to  the  public 
before  it  became  aware  of  the  compro¬ 
mise. 

While  compromising  ICT  may  not  be 
as  easy  a  way  to  penetrate  a  computer  sys¬ 
tem  as  hacking  into  it  or  turning  an  insid¬ 
er,  it  is  a  viable  option  for  a  determined 
adversary.  Moreover,  to  the  extent  security 
measures  make  hacking  more  difficult  or 
subversion  more  challenging,  infiltrating 
the  supply  chain  becomes  a  more  attrac¬ 
tive  alternative. 

There  is  no  single  —  nor  quick  —  fix  for 
mitigating  the  risk  to  DoD  and  USG  sys¬ 
tems  and  networks  stemming  from  the 
global  ICT  marketplace;  yet  the  problem  is 
not  an  impossible  one  to  manage  through 
a  defense-in-breadth.  The  risks  associated 
with  a  globalized  supply  chain  can  be 
addressed  if  one  understands  the  prob¬ 
lem,  makes  a  concerted  effort  to  address 
threats  and  vulnerabilities  at  key  points 
over  the  life  of  ICT  products  and  systems, 
and  partners  with  commercial  providers  to 
improve  the  integrity  of  ICT  products. 
Depending  on  the  level  of  risk  to  the  sys¬ 
tem  or  network,  the  mission  area,  and 
available  capabilities,  different  systems  and 
networks  will  require  different  combina¬ 
tions  of  risk  management  techniques.  For 
national  security  computer  systems,  that 
effort  is,  therefore,  going  to  be  far  more 
extensive  than  for  another  buyer  with  a 
less  sensitive  system  —  the  challenge  for 
any  user  is  to  select  a  mix  of  options  that 
is  cost-effective. 

Both  suppliers  and  acquirers  have  to 
be  aware  of  the  risk.  Many  government 
agencies  and  companies  are  beginning  to 
rethink  the  implications  of  globalization 
on  their  supplier  base.  Neither  they  nor 
the  sellers  may  have  been  sensitive  to  the 
possibilities  of  supply  chain  vulnerabilities 


in  the  past.  No  one  is  going  to  act  unless 
they  understand  that  there  is  a  problem, 
and  that  level  of  awareness  is  only  now 
developing. 

One  useful  step  will  be  for  ICT  suppli¬ 
ers  to  develop  and  maintain  practices  and 
procedures  that  monitor  the  development 
process  in  both  their  own  facilities  and 
those  of  any  subcontractor  that  they  use. 
Processes  and  tools  that  track  when 
source  code  or  hardware  is  accessed,  who 
accesses  it,  and  what  changes  they  have 
made  raise  confidence.  Similarly,  strong 
business  processes  managing  reputability 
and  quality  of  components  incorporated 
into  ICT  help  bound  risk.  Commercial 
standards  in  this  area  clarifying  commer¬ 
cial  best  practice  regarding  configuration 
management,  design,  and  quality  control 
in  the  presence  of  global  sourcing  can 
enable  the  systems’  acquirers  to  express 

^^Buyers  and  testing 
lobs  hove  tested 
the  functionality  of 
software  and  hardware 
for  many  years 
-  ensuring  it  does  what 
it  promises  -  but 
they  hove  not  been  os 
focused  on  testing 
for  security/* 

requirements  and  bound  risk  that  unantic¬ 
ipated  code  or  components  have  been 
placed  within  a  reputable  developer’s  con¬ 
figuration. 

The  adoption  of  such  standards  and 
best  practices  will  proceed  only  if  acquir¬ 
ers  recognize  their  importance,  require 
that  suppliers  adhere  to  these  security 
processes,  and  recognize  that  a  low-cost, 
low-security  supplier  can  present  a  much 
higher  cost  in  the  long  run.  Those  with  the 
knowledge  to  create  standards  will  likely 
do  so  only  if  there  is  genuine  pressure 
from  the  larger  buyer  community  to  get  it 
done. 

However,  at  the  time  of  purchase,  a 
user  may  face  a  troublesome  reality:  even 
for  those  that  have  adopted  all  the  stan¬ 
dards  and  best  practices  required,  there  is 
no  complete  assurance  that  the  product  is 


trustworthy.  Here,  users  must  be  more 
vigorous  and  sophisticated  in  protecting 
themselves.  They  have  to  evaluate  the 
residual  risk  arising  from  the  ICT  that 
they  are  about  to  purchase  and  decide 
what  steps  they  can  take  to  configure 
their  own  systems  to  minimize  that  risk. 
The  financial  industry  and  some  govern¬ 
ment  agencies  have  been  developing  best 
practices  to  employ  to  counter  this  resid¬ 
ual  threat.  The  practices  are  tailored  to 
the  level  of  risk  and  the  importance  of 
the  system,  but  the  challenge  will  be  to 
adapt  enduring  security  controls  in  light 
of  continuous  technology  changes,  such 
as  software  updates,  and  shifts  in  an 
adversary’s  tactics. 

One  might  ask  if  the  entire  problem 
could  be  solved  by  simply  testing  all  that 
code  to  see  if  it  contains  malware.  That  is 
easier  said  than  done.  Buyers  and  testing 
labs  have  tested  the  functionality  of  soft¬ 
ware  and  hardware  for  many  years  - 
ensuring  it  does  what  it  promises  —  but 
they  have  not  been  as  focused  on  testing 
for  security.  It  has  traditionally  been  easi¬ 
er  to  test  functionality  than  security,  and 
the  gap  between  the  two  has  only  grown 
as  applications  have  become  more  com¬ 
plex.  Even  if  the  problem  could  ultimate¬ 
ly  be  solved  by  testing,  no  such  test  is  cur¬ 
rently  on  the  horizon.  In  its  September 
2007  report  on  Mission  Impact  of 
Foreign  Influence  on  DoD  Software,  the 
Defense  Science  Board  (DSB)  recom¬ 
mended  that  the  DoD  fund  science  and 
technology  research  and  development  in 
state-of-the-art  software  and  hardware 
vulnerability  detection  and  mitigation  [1]. 
The  DSB  highlighted  the  desired  out¬ 
comes  of  this  R&D  as  developing  tech¬ 
nology  to  eliminate  accidental  vulnerabil¬ 
ities  from  systems  development  and  to 
improve  trusted  computing  group  tech¬ 
nologies  to  mitigate  the  risks  posed  by 
malicious  software  [5]. 

The  Cyber  Security  Research  and 
Development  Act  (CSRDA)  of  2002  [6] 
is  one  possible  means  of  supporting  the 
development  of  better  tools.  The 
CSRDA  was  signed  into  law  November 
27,  2002,  to  enable  the  U.S.  to  prepare 
against  cyber-attacks  on  federal  and  pri¬ 
vate  computers.  The  act  directs  the 
National  Science  Foundation  to  establish 
cyber-security  research  centers,  commu¬ 
nity  college  grants,  fellowships  and 
undergraduate  program  grants,  partner¬ 
ships  with  industry  and  academia,  and  the 
establishment  of  a  program  to  encourage 
senior  researchers  in  various  fields  to 
transition  to  work  in  computer  security 
[7].  The  CSRDA  authorized  more  than 
$900  million  over  five  years  for  R&D  and 
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training  programs  by  the  NSF  and  the 
National  Intelligence  Support  Team. 
However,  it  is  not  clear  how  much  time 
and  money  it  will  take  to  create  new  tools 
—  and  there  is  no  guarantee  that  they  will 
be  able  to  keep  up  with  the  continually 
increasing  complexity  of  the  products 
they  are  reviewing. 

There  is  one  thing  that  is  not  part  of 
the  solution.  There  is  no  value  in  simply 
banning  software  or  hardware  manufac¬ 
tured  in  any  particular  country.  Such  a  ban 
assumes  that  somehow  the  problem  is 
geographically  focused.  It  is  not.  Such  a 
ban  would  not  only  raise  questions  under 
the  rules  of  the  World  Trade 
Organization,  but  would  also  disrupt  the 
ongoing  operations  of  numerous  legiti¬ 
mate  U.S.  and  foreign  companies  that  have 
come  to  rely  upon  work  products  from 
various  overseas  resources.  Moreover,  it 
would  give  a  false  confidence  to  buyers 
who  might  assume  that  merely  because  a 
product  was  produced  in  the  U.S.,  for 
example,  it  should  be  secure. 

Instead,  the  USG  must  reach  out  to 
global  commercial  partners  to  improve 
the  state  of  play.  Government  cannot 
solve  the  problem  without  industry’s 
help,  and  industry  stands  to  benefit  from 
dealing  with  the  problem  of  supply  chain 
risk  in  many  ways.  ICT  providers  need  to 
be  able  to  assure  all  of  their  customers, 
not  just  those  with  national  security  con¬ 
cerns,  that  the  product  being  provided  is 
genuinely  secure.  A  widespread  fear 
among  buyers  that  there  might  be  mal¬ 
ware  in  their  new  software,  for  example, 
would  depress  sales  and  tarnish  a  brand. 
One  only  need  recall  the  recent  problems 
with  lead  paint  on  toys  from  China  to 
understand  the  potentially  devastating 
impact  of  a  malware  scare  on  software 
products. 

An  analogous  problem  facing  com¬ 
mercial  ICT  developers  is  the  reliability 
concern  stemming  from  the  increasing 
circulation  of  counterfeit  commercial 
components.  The  globalization  of  the 
marketplace  has  led  to  commercial  col¬ 
laboration  among  widely  diverse  cultures, 
including  those  for  whom  respect  for 
intellectual  property  is  an  emerging  con¬ 
cept.  This  situation  has  led  to  a  signifi¬ 
cant  problem  of  counterfeit  ICT  compo¬ 
nent  parts  and  products,  often  developed 
without  quality  or  security  best  practices, 
appearing  in  critical  systems  and  net¬ 
works. 

The  heightened  awareness  of  more 
general  security  issues  associated  with  the 
Internet  and  software  has  led  to  increased 
emphasis  on  information  security. 
Increased  use  of  intrusion  detection 


devices  and  other  controls  will  likely  have 
some  benefit  with  regard  to  supply  chain 
risks  as  well  as  those  that  come  from 
more  typical  problems  such  as  hacking, 
but  more  must  be  done. 

The  DoD  is  committed  to  managing 
the  risk  presented  by  globalization  using 
defense-in-breadth:  a  multi-faceted,  risk- 
mitigation  strategy  that  seeks  to  identify, 
manage,  and  eliminate  risk  at  every  stage 
of  the  IT  system  or  network  lifecycle, 
from  system  requirements  generation  to 
system  retirement.  It  is  actively  working  to 
ensure  that  policies  and  processes  are  put 
in  place  to  raise  awareness  of  the  risk, 
empower  acquirers  to  make  informed 
decisions  when  they  request  and  procure 
ICT  products  and  services,  and  arm 
acquirers  with  practices  and  tools  neces¬ 
sary  to  mitigate  risk  when  ICT  products 
are  used  across  the  government  (the  more 
traditional  defense-in-depth  component). 
It  is  also  partnering  with  the  commercial 
companies  that  comprise  its  supply  chain 
and  using  its  power  as  a  consumer  to  drive 
security-minded  attributes  into  the  devel¬ 
opment  and  management  of  new  systems 
and  technologies.  Both  government  and 
industry  stand  to  lose  if  the  risk  presented 
by  globalization  of  the  ICT  supply  chain  is 
not  managed  effectively.  Our  adversaries’ 
exploitation  of  vulnerabilities  in  the  ICT 
supply  chains  have  the  potential  to  threat¬ 
en  our  national  and  economic  security  by 
putting  sensitive  USG  and  corporate 
information  at  risk  and  generating  distrust 
in  the  security  of  ICT  products.  The  DoD 
cannot  solve  this  problem  without  help 
from  its  partners  both  in  government  and 
industry.^ 
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The  Future  of  the  Internet 


The  DoD  Globalization  Task  Force  Staff 


The  Internet’s  continuing  growth,  stability,  and  security  are  vital  to  the  DoD’s  mission.  While  the  DoD  no  longer  controls 
Internet  decision  making,  its  unique  perspective  deriving  from  its  multiple  roles  as  Internet  user,  operator,  and  research 
center  is  important  to  the  development  and  protection  of  U.S.  national  interests.  It  should  make  a  commitment  to  partic¬ 
ipate  directly  in  international  Internet  decision-makingforums,  as  well  as  actively  develop  policy  as  part  of  the  U.S.  inter¬ 
agency  process. 


The  Internet  is  essential.  It  is  a  vital 
underpinning  of  the  civilian  econo¬ 
my,  and  its  security  and  stability  has 
become  a  matter  of  national  security.  In 
a  converged  world,  it  will  become  not 
just  the  means  for  transmitting  data,  but 
also  video  and  voice.  It  is,  therefore, 
critical  to  ensure  its  continued  growth, 
internal  security,  and  stability. 

So  how  do  we  guarantee  that  growth, 
security,  and  stability?  What  might 
impact  those  issues?  Who  gets  to  make 
those  decisions? 

The  USG,  through  the  DoD,  created 
the  Internet,  but  what  it  created  has 
grown  in  ways  totally  unforeseen  just 
10-15  years  ago.  The  DoD’s  oversight  of 
the  initial  development  of  the  Internet 
has  been  replaced  by  a  web  of  collective 
decision-making  bodies  that  it  no  longer 
controls.  The  issue  now  has  become 
should  the  DoD  continue  to  try  to 
influence  the  development  of  the 
Internet  and,  if  so,  how  should  it  pro¬ 
ceed?  That  is,  should  the  DoD  take  an 
active  role  in  the  process  and,  if  it 
should,  win  that  role  be  confined  to 
internal  USG  deliberations  or  will  it 
include  direct  participation  in  the  many 
forums  where  key  decisions  about  the 
Internet  are  made? 

The  rest  of  this  article  answers  that 
question  as  follows:  the  DoD  finds  itself 
in  a  unique  position  to  play  a  positive 
role.  It  is  a  major  user  of  the  Internet, 
but  it  is  also  a  large  Internet  service 
provider  and  an  operator  of  two  of  the 
13  root  zone  servers  that  provide  the 
basic  information  for  locating  Internet 
addresses.  The  DoD  is  also  a  repository 
of  vast  technical  expertise  about  the 
Internet  and  a  significant  source  of 
research  funds.  Taken  together,  those 
multiple  roles  give  the  DoD  a  unique 
view  of  the  Internet  and  a  distinct  abili¬ 
ty  to  positively  influence  its  evolution  in 
ways  not  easily  matched  by  other  USG 
departments  or  the  private  sector. 

Those  perspectives  —  individually 
and  in  combination  —  are  critical  for  the 


DoD  to  carry  out  its  larger  mission: 
assuring  the  security  and  stability  of  the 
Internet  as  part  of  its  defense  of  U.S. 
national  security.  The  DoD’s  strategy 
should  be  twofold.  It  must  (1)  monitor 
and  influence  current  technical  and 
political  developments  that  could 
impact  the  security  and  stability  of 
Internet  operations;  and  (2)  envision  the 
Internet  10  or  15  years  into  the  future, 
define  the  role  it  will  play  in  contribut¬ 
ing  to  the  defense  of  the  nation,  and 
take  the  steps  required  to  achieve  that 
vision,  much  as  the  defense  community 
has  done  with  the  current  Internet. 

However,  the  DoD’s  distinct  vision 
does  not  mean  that  it  can  afford  to  act 
alone.  In  order  to  make  the  DoD’s  par¬ 
ticipation  effective,  there  will  have  to  be 
a  coordinated  strategy  among  the  DoD’s 
components,  as  well  as  collaboration 
with  the  rest  of  the  USG  and  the  U.S. 
private  sector.  That  collaboration  is  not 
driven  merely  by  the  desire  to  speak 
with  one  voice.  Rather,  it  is  compelled 
by  the  unique  set  of  problems  and 
unique  ways  of  solving  them  that  distin¬ 
guish  the  Internet  and  its  governance 
processes. 

Collective  decision-making  about  the 
Internet  is  disbursed  among  various 
organizations  and,  in  most  of  them, 
governments  have  no  special  role.  They 
stand  on  equal  footing  with  the  private 
sector,  academia  and  civil  society  in 
devising  standards  and  making  other  rel¬ 
evant  decisions.  It  is  a  megacommunity’  of 
extraordinary  scope  with  vast  and  com¬ 
plicated  interests  and  connections. 

Moreover,  the  decision  makers  must 
constantly  struggle  to  preserve  the 
Internet’s  grassroots  innovation  and 
growth  while  recognizing  the  impor¬ 
tance  of  stability  and  security.  The  cre¬ 
ativity  that  has  made  the  Internet  so 
valuable  cannot  be  squelched  if  the 
Internet  is  to  remain  a  dynamic  and 
adaptive  medium.  Continuing  to  achieve 
that  balance  of  innovation  and  stability 
requires  a  combination  of  technological 


expertise,  political  sophistication,  and  a 
commitment  to  innovation  and  change 
that  few  individuals,  let  alone  agencies, 
possess.  It  is  the  combination  of  per¬ 
spectives  from  within  and  outside  of 
government  that,  if  successfully  execut¬ 
ed,  gives  the  USG  both  compelling 
influence  and  a  powerful  vision. 

The  Questions 

The  following  questions  are  integral  to 
an  Internet  Governance  and  Security 
Strategy  for  the  defense  community: 

•  What  should  the  Internet  look  like  in 
10  or  20  years  to  ensure  it  remains  a 
secure  link  to  our  allies,  the  defense 
community  global  supply  chain,  and 
the  civilian  infrastructure  on  which 
the  USG  depends? 

•  What  should  the  Internet  look  like  in 
10  or  20  years  to  maximize  its  ability 
to  support  other  USG  interests? 

•  What  steps  should  the  national  secu¬ 
rity  community  take  today  to  ensure 
that  the  security  and  stability  of  the 
Internet’s  infrastructure  are  protect¬ 
ed  to  support  future  operations? 
From  a  policy  standpoint  (i.e.,  glob¬ 
al,  national,  DoD)?  From  an  invest¬ 
ment  standpoint  (e.g.,  resourcing, 
research  and  development)?  From  a 
cultural  standpoint  (e.g.,  training, 
education)?  From  a  tactical  stand¬ 
point  (e.g.,  standards,  operations, 
acquisitions)? 

The  Trends 

One  can  likely  come  up  with  a  variety  of 
ways  of  categorizing  the  various  chal¬ 
lenges  for  the  Internet.  The  following 
are  three  that  are  seen  as  summarizing 
the  diverse  problems: 

1.  The  svyiA  growth  of  Internet  services 
and,  therefore,  Internet  traffic 
because  of  the  increasingly  essential 
character  of  the  Internet  for  nation¬ 
al  and  international  economies  (all  of 
which  makes  the  Internet  not  just  a 
bigger  target,  but  also  a  more  invit¬ 
ing  one,  as  well). 
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2.  The  growing  sophistication  of  those 
who  want  to  destroy  the  Internet’s 
stability  and  security,  whether  for  rea¬ 
sons  of  cyber-war,  crime,  or  simple 
malicious  one-upmanship. 

3.  The  increasing  demands  placed  on 
those  organisations  that  make  deci¬ 
sions  related  to  standards  and  prac¬ 
tices  governing  the  Internet. 

Growth 

First,  with  regard  to  growth,  the  trends 

are  overwhelming: 

•  Everything  will  be  over  Internet 
Protocol  (IP)  (Voice  over  IP  [VoIP], 
video,  streaming  video,  collaboration, 
data),  which  means  systems  will  bear 
vastly  greater  amounts  of  traffic. 

•  Everything  will  be  addressable  via  IP 
addresses  (sensors,  mission-critical 
systems,  individuals,  etc.). 

•  There  will  be  vast  numbers  of  new 
uses  which  will  have  implications  on 
the  volume  of  traffic  and  privacy  of 
data,  among  other  things. 

•  The  Internet  will  be  more  intelligent 
and  interactive. 

That  growth  suggests  a  responsive 

agenda  that  should  address  the  follow¬ 
ing  areas: 

1.  Scale/Ubiquity.  The  more  Internet 
traffic,  the  greater  the  threat  of  con¬ 
gestion  and  packet  loss.  The  greater 
the  congestion,  the  greater  the  inter¬ 
ference  with  VoIP  and  video.  Unlike 
data  where  we  have  learned  to  toler¬ 
ate  the  time  it  sometimes  takes  for 
things  to  appear  on  computer 
screens  (as  we  expectantly  peer  at 
our  monitors),  video  and  VoIP  trans¬ 
missions  cannot  be  delayed  or  dis¬ 
rupted  without  substantially  degrad¬ 
ing  service  (which  is  referred  to  as 
the  problem  of  latency).  There  are 
also  questions  of  whether  computa¬ 
tional  capacity  on  root  zone  servers 
can  meet  demand,  and  whether  the 
constant  updating  of  routing  tables 
will  strain  the  routers’  computational 
ability.  The  routing  schemes  will 
need  to  account  for  more  routers 
and  links,  and  quality  of  service  (a 
term  related  to  the  issue  of  net  neu¬ 
trality,  discussed  in  the  third  area. 
Quality  of  Service)  will  complicate 
their  work.  Modifications  to  the  cur¬ 
rent  global  routing  scheme  will  be 
required  to  support  controlled  peer¬ 
ing  among  networks,  and  routing 
protocols  will  need  a  complete  sys¬ 
tem  view  of  options  (rather  than  a 
partial  view  focused  on  the  next 
jump).  There  is  also  the  question  of 
whether  increasing  capacity  require¬ 


ments  will  be  met  with  current  tech¬ 
nologies. 

2.  Resiliency.  Ubiquitous  VoIP  and 
similar  high  bandwidth,  low  latency 
applications,  as  well  as  increasing 
dependence  on  the  Internet  for  mis¬ 
sion-critical  operations,  require  a 
more  reliable  and  robust  system.  In 
the  face  of  major  man-made  or  nat¬ 
ural  disasters  or  deliberate  attacks  on 
the  system,  will  there  be  enough 
robustness,  redundancy,  and  accurate 
routing  and  address  information  to 
assure  continued  connectivity  and 
speed?  In  addition,  exchange  point 
technology  needs  to  be  improved 
and  there  are  robustness  issues  at 

...  some  commercial 
users  are  worried  about 
possible  abuse  of  priority 
schemes  by  service 
providers  to  discriminate 
in  favor  of  some  content 
or  services  over  others  ... 
The  White  House  has 
stated  that  it  sees  no 
reason  for  net  neutrality 
legislation;  that  the 
market  will  work 
itself  out^* 

major  interconnection  points  includ¬ 
ing,  among  other  things,  a  lack  of 
redundancy. 

3.  Quality  of  Service  —  Net  Neutral¬ 
ity  and  Priority  of  Service.  On  tra¬ 
ditional  telephone  networks,  carriers 
have  evolved  protocols  for  priority 
communications,  a  particularly  impor¬ 
tant  issue  for  national  security  and  law 
enforcement.  Thus  far,  the  Internet 
has  worked  on  a  best  efforts  basis 
where  all  traffic  is  essentially  treated 
the  same.  With  more  traffic  and 
potential  limits  on  capacity,  it  is 
important  to  ensure  similar  priority 
schemes.  However,  some  commer¬ 
cial  users  are  worried  about  possible 
abuse  of  priority  schemes  by  service 


providers  to  discriminate  in  favor  of 
some  content  or  services  over  oth¬ 
ers.  They  have  proposed  net  neutral¬ 
ity  laws  that  could  interfere  with  the 
ability  to  prioritize  communications 
for  national  security/ emergency  pre¬ 
paredness  purposes.  The  White 
House  has  stated  that  it  sees  no  rea¬ 
son  for  net  neutrality  legislation;  that 
the  market  will  work  itself  out  [1]. 
The  Federal  Communications  Com¬ 
mission  (FCC)  is  currently  reviewing 
net  neutrality  through  a  notice  of 
inquiry/  and  holding  hearings  on  the 
issue  in  light  of  evidence  that  carri¬ 
ers  may  have  been  violating  net  neu¬ 
trality  principles. 

4.  IPv6  Deployment.  As  a  result  of 
the  growth  of  the  Internet,  the 
addressing  system  must  be  expand¬ 
ed.  IPv6  is  a  new  addressing  system 
that  allows  for  billions  more  poten¬ 
tial  addresses  than  the  current  sys¬ 
tem,  IPv4.  Both  the  USG  and  private 
industry  must  be  prepared  for  the 
transition  to  ensure  that  it  occurs 
smoothly  and  that  all  IP  addresses 
remain  reachable.  Because  of  the  rel¬ 
atively  large  number  of  addresses 
that  remain  available  in  the  US., 
there  has  thus  far  been  little  interest 
here  in  undertaking  the  necessary 
investment,  even  though  the  Office 
of  Management  and  Budget  has 
directed  all  USG  agencies  to  com¬ 
plete  the  transition  by  June  2008’. 
While  the  DoD  has  moved  forward, 
many  U.S.  agencies  have  not. 
However,  the  rest  of  the  world  is 
likely  to  want  to  push  forward  in  the 
near  future.  At  that  point,  the  U.S. 
may  have  no  choice;  however,  timely 
addressing  of  the  transition  is  the 
best  way  to  avoid  a  crisis. 

5.  Alternative  Technologies.  The 
National  Academy  of  Sciences  has 
noted  that  Internet  research  at  this 
point  is  heavily  incremental  in 
nature,  focusing  on  marginal 
improvements  to  the  current  struc¬ 
ture.’  There  is  httle  money  or  effort 
devoted  to  changing  the  fundamen¬ 
tals  of  the  Internet.  Regardless,  there 
is  always  the  possibility  that  some 
alternative  technology  will  come 
along  that  will  make  the  Internet 
outmoded  in  the  same  way  the 
Internet  has  begun  to  make  the 
Public  Switched  Telephone  Network 
(PSTN)  virtually  obsolete.  If  funded, 
the  National  Science  Foundation 
Global  Environment  for  Network 
Innovations  project/  with  which  the 
DoD  (principally  through  the 
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Defense  Advanced  Research 
Projects  Agency  [DARPA])  collabo¬ 
rates,  will  investigate  new  core  func¬ 
tionality,  new  architectures  and  new 
network  architecture  theories,  and 
build  higher-level  service  abstrac¬ 
tions. 

6.  Web  2.0.  Some  issues  of  growth 
relate  to  the  evolution  of  Internet 
applications.  The  increasing  sophisti¬ 
cation  of  highly  interactive  Internet 
applications,  often  collectively 
referred  to  as  Web  2.0,  provide  users 
with  an  expanding  range  of  capabili¬ 
ties.'’  The  DoD  can  and  does  use 
them,  but  the  value  to  the  DoD  is 
nowhere  as  significant  as  the  capabil¬ 
ity  they  afford  non-nation  state 
actors  —  such  as  terrorists  —  to  use 
new  and  innovative  ways  to  train  ter¬ 
rorists  (e.g.,  avatars),  share  informa¬ 
tion,  recruit  followers,  and  otherwise 
enhance  their  ability  to  conduct 
asymmetric  warfare. 

For  all  these  issues,  the  DoD’s  per¬ 
spective  is  extraordinary.  It  is  the  user 
who  has  a  direct  interest  in  all  these 
problems,  but  it  is  far  more  than  that. 
For  example,  it  is  an  Internet  service 
provider  that  has  to  adopt  IPv6,  and  it  is 
a  research  funding  source  that  can  influ¬ 
ence  long-term  events.  If  all  parts  of  the 
DoD  are  talking  to  one  another,  then  it 
is  a  feedback  loop  unparalleled  in  the 
Internet  world. 

Stability  and  Security 

If  growth  is  deemed  a  good  trend,  then 
the  second  trend,  the  increasing  sophis¬ 
tication  of  hackers,  criminals,  and  state- 
sponsored  cyber-warriors  clearly  repre¬ 
sents  the  had  side  of  the  following  equa¬ 
tion: 

•  Identity  theft,  fraud,  unwanted  e- 
mail,  and  other  Internet  abuses  con¬ 
tinue  to  grow. 

•  Because  the  Internet  can  originate 
virtually  anywhere  and  can  easily 
penetrate  a  national  boundary,  cyber¬ 
crime  is  both  everywhere  and 
nowhere  all  at  the  same  time. 

•  Cyber-attackers  have  learned  to 
manipulate  hundreds,  sometimes 
thousands,  of  computers  to  conduct 
coordinated  attacks  on  a  computer 
system  (called  botnets).  These  botnets 
have  significantly  facilitated  large, 
broad-scale  attacks  on  computer  net¬ 
works  called  distributed  denial  of 
service  attacks  (DDOS). 

•  In  2007,  a  large-scale  attack  on 
Estonia  demonstrated  the  ability  of 
sophisticated  parties  to  disrupt  large 
parts  of  a  national  economy  through 


the  use  of  DDOS.’ 

•  The  international  world  has  been 
unable  to  agree  on  what  cyber- crime 
is  or  how  to  deal  with  those  who 
commit  it.  The  Internet  Cyber- 
Crime  Convention  has  been  signed 
by  only  43  countries,  including  the 
United  States.  Russia,  China,  North 
Korea,  and  many  others  have  not 
signed. 

There  are  many  possible  responses 
to  these  problems,  but  the  following  are 
clear  priorities: 

1.  DDOS.  DDOS  attacks  are  increas¬ 
ingly  being  used  to  conduct  attacks 
against  key  Internet  assets  including 
the  Internet’s  root  zone  servers. 

*^The  BGP  is  used  to 
perform  inter-domain 
routing  on  the  Internet 
and  is  vulnerable  to 
spoofing  and 
misconfigu ration,  which 
con  lead  to  the 
misrouting  of 
Internet  traffic/* 

These  DDOS  attacks  attempt  to 
overwhelm  servers  with  vast  num¬ 
bers  of  messages.  The  use  of  bot¬ 
nets  has  increased  the  effectiveness 
of  DDOS  attacks.  The  last  major 
attack  in  the  U.S.  occurred  on 
February  6,  2007.  Its  impact  was 
heavily  mitigated  by  the  use  of  any- 
cast  technology,  which,  by  duplicat¬ 
ing  root  zone  data  bases  on  multiple 
servers  around  the  world,  allowed 
traffic  to  be  re-directed  around  the 
victimized  servers.  However,  the 
attackers  are  also  growing  more 
sophisticated,  and  the  need  for  ever¬ 
more  elaborate  defense  continues  to 
grow.  Mitigation  approaches  include 
bandwidth  upgrades,  ingress  and 
egress  filtering,  and  mandatory  hard¬ 
ware  configuration  to  eliminate  the 
possibility  that  computers  could  be 
taken  over  by  unauthorized  users. 
One  sign  of  the  seriousness  of  the 
problem  is  that  Internet  service 
providers  are  considering  the  cost 
effectiveness  of  accepting  only  traf¬ 


fic  from  known  entities.  However, 
this  approach  could  block  access  to 
online  sites  and  eliminate  the  end-to- 
end  nature  of  the  Internet. 
Government  and  private  industry 
will  need  to  continue  to  work  closely 
to  address  this  issue  from  both  a  pol¬ 
icy  and  operational  perspective. 

2.  Defining  Cyber-War  and  Cyber- 
Conflict.  The  Estonia  situation 
showed  the  difficulties  present  in 
defining  cyber-conflict.  Although  a 
nation-state  was  suspected  of  caus¬ 
ing  the  DDOS  attacks  against 
Estonia’s  key  Web  resources,  it  was 
difficult  to  trace  ultimate  culpability. 
In  addition,  there  was  a  question  of 
whether  this  type  of  denial  of  ser¬ 
vice  would  be  considered  a  cyber¬ 
incident  of  national  significance 
considering  the  fact  that  it  caused 
more  annoyance  than  actual  harm. 
Although  the  Estonia  situation 
seemed  to  bring  attention  to  the  fact 
that  nation-state  strategic  cyber 
activity  might  be  on  the  rise,  it  equal¬ 
ly  brought  light  to  the  fact  that  cyber 
rules  of  engagement  have  yet  to  be 
defined.  Much  work  will  have  to  be 
done  in  the  next  decade  defining 
international  law  and  norms  of 
behavior,  by  treaty  or  other  means, 
to  ensure  that  the  Internet  will  sur¬ 
vive  in  light  of  a  rise  in  nation-state 
cyber  conflict. 

3.  Authentication  (Public  Key  Infra¬ 
structure/Domain  Name  System 
[DNS]  Security  Extension  [DNSSEC] 
Deployment).  To  ensure  secure  and 
stable  Internet  communications,  it  is 
essential  that  Internet  users  have 
confidence  that  they  are  communi¬ 
cating  with  the  parties  with  whom 
they  intend.  For  the  Internet  to  com¬ 
plete  its  evolution  into  the  key  plat¬ 
form  for  all  types  of  communica¬ 
tions,  there  must  be  confidence  that 
the  global  network  infrastructure  is 
secure  and  reliable.  Users  must  con¬ 
tinue  to  be  able  to  trust  that  they  are 
communicating  with  the  people  they 
intend  to  communicate  with,  that 
they  are  doing  so  in  a  timely  fashion, 
and  that  the  data,  video,  or  voice 
calls  they  are  sending  or  receiving 
remain  confidential  and  their  integri¬ 
ty  is  protected. 

An  essential  element  in  assuring 
this  security  is  that  domain  names 
have  a  trustworthy  mapping  to  IP 
addresses  and  are  not  tampered  with 
or  disrupted.  DNSSEC  authenticates 
communications  through  the  use  of 
public  keys  bound  to  a  unique  user  to 
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ensure  that  IP  addressing  is  authen- 
tic  and  accurate.  It  should  be  inte¬ 
grated  into  the  Internet  to  provide 
for  assured  distribution  of  IP 
addresses  and  autonomous  system 
numbers.  DNSSEC  would  validate 
DNS  addresses  and  deter  spoofing 
of  Web  sites  (thereby  allowing  com¬ 
munications  to  be  misdirected)  and 
other  Internet  services.  Signing  the 
Internet’s  root  zone  files  (the 
Internet  Assigned  Numbers 
Authority  [lANA]  root)  and  the 
roots  for  the  Top  Level  Domains 
(TLDs)  would  also  improve  Internet 
integrity. 

4.  Routing  Security  (Border  Gate¬ 
way  Protocol  [BGP];  Router 
Upgrades).  As  noted  in  the  discus¬ 
sion  of  Internet  growth,  the  increase 
in  Internet  traffic  raises  questions  of 
whether  computational  capacity  on 
root  zone  servers  can  meet  demand, 
and  whether  the  constant  updating  of 
routing  tables  will  strain  the  routers’ 
computational  ability.  The  BGP  is 
used  to  perform  interdomain  routing 
on  the  Internet  and  is  vulnerable  to 
spoofing  and  mis  configuration, 
which  can  lead  to  the  misrouting  of 
Internet  traffic.  While  technologies 
to  increase  BGP  security,  such  as 
Secure  BGP  and  Secure  Origin  BGP, 
exist  to  protect  against  BGP  vulnera¬ 
bilities,  they  are  expensive,  require 
widespread  implementation,  and 
have  not  been  widely  adopted  by  the 
community.  Ultimately,  operators  will 
have  to  step  up  to  the  cost  or  figure 
out  an  alternative  that  eliminates  the 
problem. 

5.  Out-of-Band  Control  Space  for 
the  Internet.  The  PSTN  relies  on  a 
parallel,  out-of-band  network  (the 
SS7  network),  to  separate  telecom¬ 
munications  content  from  opera¬ 
tional  control  messages.  This  paral¬ 
lel,  out-of-band  management  ap¬ 
proach  vastly  increases  the  security 
and  reliability  of  the  PSTN  network. 
Current  Internet  architecture  does 
not  permit  out-of-band  management 
of  the  Internet  control  space  where 
both  communications  content  and 
message  control  information  are 
sent  over  the  same  network  at  the 
same  time.  This  subjects  Internet 
traffic  flow  to  the  risk  of  tampering 
and  corruption.  An  out-of-band 
control  space  for  the  Internet  could 
greatly  improve  the  ability  to  isolate 
network  management  data  and 
increase  reliability. 

Each  of  these  issues  has  already 


drawn  USG  attention.  USG  reliance  on 
the  Internet,  or  on  other  agencies  and 
businesses  that  rely  upon  the  Internet, 
make  the  Internet  a  target  for  any  oppo¬ 
nent.  The  fact  that  a  few  highly  qualified 
individuals  can  create  significant  trouble 
in  this  environment  merely  underscores 
the  attractiveness  of  targeting  the 
Internet  as  a  tool  of  asymmetric  warfare 
in  which  terrorists  as  well  as  nation 
states  can  engage. 

Organizations 

The  third  trend,  changes  in  how  the 
Internet  is  governed,  simply  complicates 
how  to  deal  with  the  first  two  trends. 

•  The  U.S.  has  had  considerable  influ¬ 
ence  over  how  the  Internet  has  been 
governed,  but  that  influence  is  now 

**IANA  would  be  the 
logical  holder  of  the 
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root  key,  but  its 
connection  with  the  USG 
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countries  it  opposes/* 


Ukely  to  wane  for  several  reasons. 
First,  as  the  Internet  becomes  more 
embedded  around  the  world,  the  tech¬ 
nical  expertise  that  once  resided  large¬ 
ly,  if  not  exclusively,  in  the  United 
States  is  becoming  dispersed.  Second, 
the  creators  of  the  Internet,  many  of 
whom  were  once  employed  by  the 
USG  and  who,  through  its  prestige, 
history,  and  expertise  continue  to  have 
considerable  influence  in  the  various 
governance  forums,  are  now  retiring. 
Third,  virtually  all  governments  now 
recognize  the  importance  of  the 
Internet  for  economic  reasons,  and 
there  is  universal  appreciation  of  the 
Internet’s  capability  to  enhance  free 
speech  -  a  positive  value  to  many 


nations  but  a  threat  to  others.  For  one 
reason  or  another  (or  both),  some 
governments  now  want  to  control 
Internet  decision-making.  They  seek 
to  displace  the  private  sector,  which 
has  largely  had  control  over  key 
Internet-related  decisions  for  the  past 
two  decades  as  a  result  of  U.S.  policy 
in  favor  of  such  control.  Similarly, 
some  want  to  displace  the  role  of  the 
United  States,  which  maintains  some 
limited  control  by  its  agreements  with 
the  Internet  Corporation  for  Assigned 
Names  and  Numbers  (ICANN)  and 
the  lANA,  both  of  which  play  a  role 
in  the  domain  name  system  that 
assigns  Internet  addresses  and  autho¬ 
rizes  TLDs  (such  as  .com). 

•  The  American  private  sector,  on 
which  the  USG  has  relied  to  repre¬ 
sent  its  interests  because  of  their 
close  alignment  on  most  significant 
Internet  policy  questions,  is  growing 
increasingly  globalized.  The  close 
working  relationship  may  not  be  sus¬ 
tainable  in  that  environment. 

The  responses  to  these  challenges 

are  both  short-  and  long-term: 

1.  Resolving  the  Status  of  ICANN. 
The  USG,  through  the  Department 
of  Commerce  (DoC),  created 
ICANN  in  1998  and  contracted 
with  it  to  operate  lANA,  which  per¬ 
forms  vital  IP  addressing  functions, 
including  maintaining  the  domain 
addresses  on  the  Internet’s  13  root 
zone  servers  (and  more  than  100 
anycast  clones).  Since  then,  the  DoC 
has  maintained  a  Memorandum  of 
Understanding  (now  a  Joint  Project 
Agreement  QPA])  with  ICANN,  the 
purpose  of  which  is  to  ensure  that 
ICANN  would  become  sufficiently 
democratic,  transparent,  account¬ 
able,  and  efficient  so  that  it  could  be 
allowed  to  fully  privatize.  The  cur¬ 
rent  JPA  ends  in  2009,  and  the  DoC 
has  received  comments  in  response 
to  a  Notice  of  Inquiry  as  a  mid-term 
review  regarding  ICANN’s  status  in 
becoming  secure  and  stable  organi¬ 
zation.*  The  problem  is  complex: 
not  only  is  there  the  issue  of 
whether  ICANN  has  met  its  goals, 
but  also  there  is  the  problem  of 
whether  a  fully  privatized  structure 
can  be  guaranteed  protection  from 
other  governments’  attempts  to 
exercise  unwanted  influence  over  its 
operations.  Although  there  is  no 
equivalent  issue  with  regard  to 
IAN  A,  with  which  the  USG  has  not 
promised  to  eventually  terminate  its 
contract,  other  governments  contin- 
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ue  to  press  for  a  change  in  lANA’s 
status.  The  dispute  has  other  ramifi¬ 
cations.  lANA  would  be  the  logical 
holder  of  the  public  part  of  the 
signed  root  key,  but  its  connection 
with  the  USG  raises  serious  objec¬ 
tions  in  some  quarters  from  those 
who  claim  to  fear  that  the  USG 
could  use  its  influence  to  disrupt 
traffic  to  and  from  countries  it 
opposes. 

2.  Defining  the  Role  of  the  Interna¬ 
tional  Telecommunication  Union 

(ITU).  The  ITU  is  a  United  Nations- 
related  agency  that,  for  many  decades, 
has  been  the  principal  international 
forum  for  standards  related  to  tele¬ 
phone  service.’  It  is  also  the  only  sig¬ 
nificant  organization  related  to 
Internet  governance  where  govern¬ 
ments  are  the  sole  voting  parties.  The 
ITU  has  long  played  a  role  with 
regard  to  the  Internet.  Because  the 
Internet  is  carried  over  telephone  net¬ 
works,  standards  related  to  those  net¬ 
works’  involvement  in  the  Internet 
are  often  addressed  by  the  ITU. 
However,  some  governments  see  the 
ITU  as  a  way  to  extend  their  influence 
over  Internet  decision-making  and, 
therefore,  are  pressing  for  an  expan¬ 
sion  of  the  ITU’s  role  in  Internet- 
related  issues.  The  ITU’s  leadership 
seems  open  to  some  of  these  ideas. 
The  Secretary  General  of  the  ITU 
recently  told  a  gathering  in 
Washington,  D.C.,  that  he  would  con¬ 
sider  having  ICANN’s  government 
advisory  committee  become  a  func¬ 
tion  of  the  ITU.  Some  of  those  ques¬ 
tions  are  likely  to  be  addressed  during 
the  World  Telecommunications  Stan¬ 
dards  Assembly,  to  be  held  later  this 
year,  and  the  World  Telecommunica¬ 
tions  Policy  Forum  scheduled  for 
2009. 

3.  Artificial  Intelligence  as  a  Substi¬ 
tute  for  Organizational  Control. 

Those  who  control  the  technical 
hierarchies  and  centralized  nodes  of 
the  Internet  also  hold  greatest 
power  over  the  network  and,  ulti¬ 
mately,  its  users.  There  needs  to  be 
research  to  explore  the  possible 
reconfiguration  of  the  DNS  proto¬ 
cols  and  any  other  infrastructure 
tools  that  are  inherently  hierarchical 
or  centralized  in  nature  with  a  view 
toward  eliminating  as  many  techni¬ 
cal  points  as  possible  that  require 
human  decision-making.  Research 
should  also  be  conducted  to  deter¬ 
mine  whether  changes  in  protocols 
and  use  of  artificial  intelligence  at 


key  decision  points,  together  with 
increased  use  of  mirroring,  open 
architectures,  and  other  transparen¬ 
cies  would  enable  greater  overall 
system  adjustments  via  competitive 
market  forces  rather  than  through 
organizations,  such  as  ICANN, 
which  would  reduce  the  pressure  for 
increased  political  control. 

The  Way  Forward 

The  way  forward  must  focus  on 
research  and  representation.  There  are 
a  variety  of  defense  organizations  that 
fund  projects  that  address  the  evolu¬ 
tionary  aspects  of  Internet  R&D  or 
alternative  technologies,  including  the 
Army,  the  Naval  Research  Labs,  and 
DARPA.  DARPA  recently  released  a 
Request  for  Information  for  Assurable 
Global  Networking,  suggesting  a 
renewed  interest  from  DARPA  in  alter¬ 
nate  technologies.  Part  of  their  work 
involves  participating  in  the  White 
House’s  Office  of  Science  and 
Technology  Policy’s  Networking  and 
Information  Technology  Research  and 
Development  program,  which  is  the 
result  of  the  High-Performance 
Computing  Act  of  1991,105  Stat.  1594, 
and  the  Next  Generation  Research  Act 
of  1998,  112  Stat.  219.'“ 

The  challenge  for  the  DoD  is  assur¬ 
ing  the  continued  coordination  of  all 
this  work  to  ensure  security  and  stabili¬ 
ty  within  the  fast-changing  Internet  and 
the  increasing  capabilities  of  those 
attacking  its  security  and  stability.  The 
needs  of  the  GIG  are  driving  some  of 
this  activity,  as  are  the  tactical  and 
strategic  concerns  surrounding  terrorist 
and  nation-state  use  of  the  Internet 
against  our  national  security  interests. 
The  National  Defense  University  will 
shortly  publish  an  extensive  report  on 
cjber  power  that  may  help  facilitate  the 
discussion,  but  developments  happen 
so  quickly  that  the  discussion  must  be 
constant  and  intense.  The  evolving 
recognition  of  the  significance  of  the 
challenge  and  its  broader  implications 
for  national  security  should  push  cur¬ 
rent  activity  to  an  even  higher  level. 

Similarly,  the  DoD  currently  partici¬ 
pates  in  some  organizations  that  are 
involved  in  Internet-related  decision¬ 
making.  As  the  operator  of  .mil,  the 
DoD  tracks  activity  in  the  American 
Registry  for  Internet  Numbers,  the 
Regional  Internet  Registry  for  North 
America,  and  parts  of  the  Caribbean. 
The  DoD  also  monitors  developments 
in  the  Internet  Engineering  Task  Force 
(IETF),  which  sets  standards  for  core 


Crosstalks 

Th*  Joitmtl  of  Oofontt  Softi»«r«  fn|in««rifig 

Get  Your  Free  Subscription 
Fill  out  and  send  us  this  form. 


517SMXS/MXDEA 
6022  Fir  Ave 
Bldg  1238 

HILL  AFB,  UT  84056-5820 
Fax:  (801)  777-8069  DSN:  777-8069 
Phone:  (801)  775-5555  DSN:  775-5555 

Or  request  online  at  www.stsc.hill.af.mil 


Name:. 


Rank/Grade:_ 
Position/Title: 
Organization:_ 
Address: _ 


Base/City: _ 

State: _ Zip:. 

Phone:( _ ) _ 

Fax:( _ ) _ 


E-mail: _ 

Check  Box(es)  To  Request  Back  Issues: 


Apr2007  □ 
May2007  □ 
June2007  □ 
July2007  □ 
Aug2007  □ 
Sept2007  □ 
Oct2007  □ 
NOV2007  □ 
Dec2007  □ 
Jan2008  □ 
Feb2008  □ 
Mar2008  □ 
Apr2008  □ 
May2008  □ 
June2008  □ 


Agile  Development 
Software  Acquisition 
COTS  Integration 
Net-Centricity 
Stories  of  Change 
Service-Oriented  Arch. 
Systems  Engineering 
Working  as  a  Team 
Software  Sustainment 
Tfiaining  and  Education 
Small  Pfiojects,  Big  Issues 
The  Beginning 
Project  Tfiacking 
Lean  Principles 
Software  Quality 


'  To  request  BACK  ISSUES  ON  topics  not  ' 

*  USTED  ABOVE  PLEASE  CONTACT  <STSC.  * 

*  CUSTOMERSERVICE@HILL.AF.MIL>.  * 


July  2008 


www.stsc.hill.af.mil  I  9 


Information  Assurance 


Internet  functions,  and  the  related 
Internet  society.  The  DoD  has  regular¬ 
ly  been  active  at  the  ITU,  although  with 
a  greater  focus  on  the  wireless  spec¬ 
trum  rather  than  the  Internet.  In  many 
cases,  the  DoD  has  only  had  the  ability 
to  monitor  developments,  and  not  to 
drive  activity  or  offer  leadership  in 
these  organizations  that  are  reputation- 
based  and  require  active  and  sustained 
participation. 

The  continuing  challenge  is  to  coor¬ 
dinate  all  of  these  activities  within  the 
DoD,  with  the  rest  of  the  USG,  and 
with  the  American  private  sector.  The 
ability  to  influence  cannot  rest  solely  on 
one’s  government  status.  Even  at  the 
ITU,  where  governments  control  the 
votes,  key  policy  decisions  about  tele¬ 
phone  networks  are  made  in  the  study 
groups  where  the  private  sector  domi¬ 
nates.  Influence  there  is  dependent  on 
constant  and  highly  competent  partici¬ 
pation  by  individuals.  The  same  is  true 
at  ICANN  and  the  lETR  Hence,  the 
DoD’s  ability  to  analyze  issues  based  on 
its  vast  technical  insights,  its  needs  as  a 
user,  and  its  status  as  an  Internet  ser¬ 
vice  provider  give  it  a  unique  ability  to 
work  in  these  environments.  Other 
agencies  have  important  roles  to  play, 
but  their  work  can  be  powerfully 
enhanced  by  committed  DoD 
support. ♦ 
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Notes 

1.  A  megacommunity  is  defined  and 
referenced  as  the  following: 

...  a  public  sphere  in  which 
organizations  and  people  delib¬ 
erately  join  together  around  a 
compelling  issue  of  mutual 
importance,  following  a  set  of 
practices  and  principles  that 
will  make  it  easier  for  them  to 
achieve  results.  Like  a  business 
environment,  a  megacommuni¬ 
ty  contains  organizations  that 
sometimes  compete  and  some¬ 
times  collaborate.  But  a  ... 
megacommunity  is  a  larger 
ongoing  sphere  of  interest, 
where  governments,  corpora¬ 
tions,  non-governmental  orga¬ 


nizations,  and  others  intersect 
over  time.  The  participants 
remain  interdependent  because 
their  common  interest  compels 
them  to  work  together,  even 
though  they  might  not  see  or 
describe  their  mutual  problem 
or  situation  in  the  same  way. 
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The  Unified  Cross  Domain  Management  Office: 
Bridging  Security  Domains  and  Cultures 


Marianne  Bailey 
OASD(IIA) 

The  Unified  Cross  Domain  (CD)  Management  Ofijice  (UCDMO)  was  established  July  2006  to  address  the  needs  ofi  the 
DoD  and  the  IC  to  share  information  and  bridge  disparate  networks.  Information  sharing  is  a  requirement  that  spans  both 
departments  and  requires  the  ability  to  share  information  from  the  most  highly  classified  networks  to  the  most  open  coalition 
networks.  The  UCDMO  was  created  to  address  the  duplication,  inefficiencies  and  resulting  ineffectiveness  resultingfrom years 
of  uncoordinated  activities  in  the  CD  arena. 


The  UCDMO  was  established  on  July 
10,  2006,  by  the  Assistant  Secretary  of 
Defense  for  Networks  and  Information 
Integration  and  Department  of  Defense 
Chief  Information  Officer  (ASD(NII)/ 
DoD  CIO),  the  Honorable  John  Grimes, 
and  the  Associate  Director  of  National 
Intelligence  and  CIO,  the  Honorable  Dale 
Meyerrose  (ADNI  &  CIO).  As  the  necessi¬ 
ty  to  share  information  between  the  DoD, 
the  IC,  and  U.S.  foreign  allies  has  continu¬ 
ously  increased,  the  ability  to  bridge  dis¬ 
parate  networks  (security  domains)  has 
become  critical.  Information  sharing  is  a 
requirement  that  spans  both  departments 
and  requires  the  ability  to  share  informa¬ 
tion  from  the  most  highly  classified  net¬ 
works  to  the  most  open  coalition  networks. 
In  the  past,  these  bridges  or  CD  mecha¬ 
nisms  were  developed  behind  the  doors  of 
each  organization  for  their  specific  applica¬ 
tions.  The  result  from  years  of  doing  busi¬ 
ness  in  this  way  has  led  to  many  CD 
stovepipes  with  independent  sustainment 
tails,  a  tremendous  number  of  interconnec¬ 
tions,  inconsistent  security  and  risk-mitiga¬ 
tion  practices,  and  inadequate  policies. 

In  addition,  customers  looking  for  a 
solution  to  enable  them  to  share  informa¬ 
tion  across  security  domains  had  nowhere 
to  go  to  seek  help  and  often  would  develop 
another  stovepiped  solution.  In  the  DoD, 
this  flood  of  components  into  the  current 
certification  process  resulted  in  a  wait  time 
anywhere  from  one  to  two  years  before 
approval  to  operate  was  granted.  In  the  IC, 
there  was  less  consistency  among  the  agen¬ 
cies  resulting  in  varying  security  practices. 
In  an  arena  wrought  with  a  lack  of  stan¬ 
dards  and  excessive  duplication,  the  worst 
part  was  that  even  for  those  who  endured  a 
two-year  wait  the  customer’s  requirement 
for  sharing  information  was  not  being  met. 
In  short,  the  lack  of  adequate  CD  mecha¬ 
nisms  and  common  standards,  policies  and 
processes  were  significandy  impacting  the 
ability  of  the  United  States  to  ensure  criti¬ 
cal  information  was  available  when  and 
where  it  was  needed.  The  CIOs  realized  the 
need  to  join  forces  to  solve  the  CD  prob¬ 


lem  and  created  the  UCDMO  to  address 
the  duplication,  inefficiencies  and  ineffec¬ 
tiveness  resulting  from  years  of  uncoordi¬ 
nated  activities  in  the  CD  arena. 

The  UCDMO  faced  two  initial  chal¬ 
lenges:  staffing  the  office,  and  tackling  the 
initial  tasking  given  to  them  by  the  CIOs  to 
clean  up  the  state  of  CD  in  the  DoD  and 
IC.  Specifically,  they  were  charged  with  get¬ 
ting  the  list  of  current  operational  mecha¬ 
nisms  down  to  24  specific  mechanisms. 
Meyerrose  and  Grimes  felt  that  24  was  a 
reasonable  number  of  discrete  CD  mecha¬ 
nisms  for  the  community.  They  wanted  to 
make  sure  there  were  enough  to  fill  the 
requirements  of  the  DoD  and  IC,  but  not 
so  many  as  to  cause  significant  redundancy. 
With  a  staff  of  five,  the  UCDMO  knew 
they  would  have  to  draw  upon  the  commu¬ 
nity  to  tackle  this  task.  To  obtain  support 
for  both  the  staffing  and  the  initial  task,  the 
UCDMO  leadership  began  a  series  of 
meetings  with  aU  major  agency  CIOs  to 
request  full-time  staff  as  well  as  participa¬ 
tion  in  aU  tiger  team'  initiatives. 

To  address  the  current  state  of  CD,  the 
UCDMO  led  a  community  tiger  team  to 
determine  a  process  for  vetting  the  current 
operational  solutions  and  eventually  devel¬ 
op  a  CD  baseline.  The  team  quickly  real¬ 
ized  the  need  for  a  common  CD  taxonomy 
to  ensure  that  aU  communities  would  speak 
the  same  language.  First  on  the  list  was 
defining  CD.  The  following  definition  was 
developed,  vetted  through  the  DoD  and 
IC,  and  approved: 

A  CD  mechanism  is  defined  as  a 
form  of  controlled  interface  that 
provides  the  ability  to  manually 
and/ or  automatically  access  and/  or 
transfer  information  between  dif¬ 
fering  security  domains.  [1] 

The  CD  taxonomy  was  released  in  January 
2007  and  can  be  found  on  the  UCDMO 
Web  site'.  Beginning  with  an  initial  list  of 
more  than  800  items  believed  to  be  CD 
products,  the  tiger  team  developed  a  fairly 
simple  set  of  criteria  and  over  the  course  of 


three  months  whittled  the  list  of  acceptable 
CD  solutions  down  to  15  discrete  items. 

Products  on  the  baseline  are  deter¬ 
mined  to  meet  the  community  standards 
and  are  available  for  reuse  as  a  point  solu¬ 
tion  or  as  an  enterprise  service.  Each  of 
these  products  is  approved  for  a  specific 
implementation  such  as  bridging  a  top 
secret  to  secret  domain  or  bridging  a  secret 
to  unclassified  domain.  To  make  the  list 
more  useful  to  the  customer,  the  UCDMO 
categorized  CD  mechanisms  as  transfer, 
access,  and  multilevel  A  transfer  device  permits 
the  movement  of  data  from  one  domain  to 
another.  An  access  device  allows  a  user  to  sit 
on  one  workstation  and  access  multiple 
domains  but  not  move  data  between  them. 
A  multilevel  device  stores  and  processes 
information  of  different  security  levels  in  a 
common  repository  but  only  allows  a  user 
to  view  appropriate  information  based  on 
his/her  credentials.  CD  baseline  mecha¬ 
nisms  are  identified  based  on  these  three 
categories.  An  updated  version  of  the  list  is 
released  whenever  there  is  a  change  to  the 
baseline.  The  UCDMO  Web  site^  contains 
the  latest  version  of  the  CD  baseline  (see 
Table  1,  next  page)  with  descriptions  and 
points  of  contact  for  each  mechanism. 
Those  items  that  did  not  make  the  baseline 
were  placed  in  other  categories  such  as 
research,  development,  legacy  devices,  or 
CD  tools  and  were  put  into  a  queue  to  be 
handled  by  a  foUow-on  UCDMO  effort. 
New  products  are  added  to  the  baseline  if 
they  meet  the  following  three  criteria: 

•  Capability.  Address  a  capability  gap  or 
extend  current  capabilities  in  a  signifi¬ 
cant  manner  or  lower  cost. 

•  Certification.  Complete  certification 
testing  with  no  findings  of  concern. 

•  Lifecycle.  Dfecycle  support  and  sus¬ 
tainment  for  at  least  three  years. 

By  September  2007,  UCDMO  staff 
had  grown  to  30  individuals.  The  UCDMO 
management  re-addressed  their  charter  and 
goals  and  established  four  key  initiatives  to 
bring  the  communities  together  and  solve 
the  CD  problem: 

1 .  Strategic  outreach  and  communication. 
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Information  Assurance 


CD  Baseline  versus  2.1  (Released  Julv 

2007) 

Transfer 

Access 

Multi-Level 

DSG  2.1 

HP  NetTop  1.3 

ML  Chat  1.0 

DTW3.4/3.4  N5 

DTW3.4/3.5  N5 

TNE  9.0.1 

ISSE  3.5B2 

Janus  5.1 

MODS  3.1 

MODS  3.1 

Radiant  Mercury  4.0.5  P3 

MLTC  3.0 

Smart. next  3.0 

Secure  Office  Thin  Client  v1 .1 

TDX  2.3 

TGS  2.1  PI 

TSABI  OWT 

Table  1 :  CD  baseline 


CD  Capabilities 

Push 

Data 

Subscribe/Distribute  Information  Feeds 

Post  Data  to  Repositories 

Delivery  to  Specified  Recipients 

Import  Data 

Export  Data 

Transfer  Streaming  Data 

Perform  CD  l&A  and  Attribute  Management 

Collaboration 

Exchange  E-mail 

Single  Electronic  Inbox 

Conduct  Instant  Messaging  and  Text  Chat 

Shared  Workspaces 

Audio  Conferencing 

Video  Conferencing 

Centralized  IT 
Management 

Centralized  IT  Services  (DNS,  DHCP) 

Centralized  Backup  and  Restore 

CD-Required  Capabilities 

Centralized  CD  Audit 

Centralized  Monitoring 

Remote  CDS  Administration 

Remote  IT  Administration 

Error  Notification 

Content 
Inspection 
and  Release 

Enforce  Reliable  Human  Review 

Malicious  Content  Prevention 

Perform  Attribute-Based  Access  Control 

Hidden  Content  Identification 

Enforce  Content  Policy 

Allow  Policy  Override 

Rules  Management 

Remote 
Access 
Centralized 
Repository 
and  Other 

Application  Sharing 

Multilevel  Data  Repositories 

Network  Reduction 

Desktop  Reduction 

Table  2:  CD  Capabilities 


2.  Transition  to  baseline  and  enterprise 

services. 

3.  Align  DoD/IC  policies  and  processes. 

4.  Manage  a  CD  investment  strategy. 

These  initiatives  were  developed  to 

complement  one  another  as  well  as 
address  the  lack  of  a  single  DoD/IC  point 
of  contact  for  CD  activities,  the  disparate 
and  inefficient  policies  and  process,  the 
duplication  in  research,  development  and 
testing,  the  excessive  costs  and  security  risk 
of  managing  point  CD  solutions,  and  the 
lack  of  a  focused  effort  to  meet  the  com¬ 
munity’s  requirements. 

The  main  focus  of  Initiative  1  is  to 
provide  one  voice  to  all  organizations 
involved  in  the  CD  space,  whether  it  be 
customers,  policy  makers,  or  vendors.  As 
part  of  the  outreach  element,  the 
UCDMO  leadership  visits  the  combatant 
commanders,  services,  and  agencies  to 
provide  information  and  solicit  feedback 
on  their  recent  initiatives  and  their  long¬ 
term  strategy.  The  UCDMO  holds  three 
types  of  official  forums:  customer,  devel¬ 
oper,  and  a  yearly  conference.  The  cus¬ 
tomer  forum  is  held  on  a  periodic  basis  to 
roll  out  major  deliverables.  The  October 
2007  customer  forum  was  held  at  the 
Army  Research  Lab  in  Adelphi,  Maryland, 
and  was  attended  by  approximately  250 
individuals.  The  forum  involved  three  days 
of  interactive  sessions  describing  the  new 
implementation  process  and  the  associated 
DNI/DoD  C&A  transformation. 

In  November,  the  UCDMO  held  its 
first  developer  forum,  known  as 
Developer  Days,  to  begin  parsing  through 
all  CD  research  programs.  In  these  ses¬ 
sions,  a  CD  R&D  program  office  provides 
CD  program  reviews  to  a  community 
SME  panel.  During  these  reviews,  the  ven¬ 
dor  and  their  associated  government  spon¬ 
sor  spend  one  hour  providing  information 
specific  to  their  program,  such  as  CD 
requirements  being  addressed,  program 
milestones,  status,  funding  profiles,  and 
program  risks.  The  UCDMO  held  succes¬ 
sive  Developer  Days  in  February,  March, 
and  April.  The  recommendations  from  the 
SME  panel  will  feed  into  the  CD  invest¬ 
ment  strategy  discussed  in  Initiative  2. 
Additionally,  the  UCDMO  will  hold  a  year¬ 
ly  CD  conference.  The  first  conference 
was  held  in  May  2007  in  San  Diego, 
California.  More  than  600  customers  and 
developers  attended  the  conference.  The 
Honorable  John  J.  Grimes,  the  Honorable 
Dale  Meyerrose,  and  Vice  Admiral  Brown, 
JSJ6,  were  among  the  keynote  speakers. 
This  year’s  conference  is  being  planned  for 
October  2008.  Information  will  be  posted 
to  the  UCDMO  Web  site. 

Initiative  2  will  ensure  that  the  commu- 
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nity  moves  from  legacy  point  CD  solutions 
to  available  baseline  or  enterprise  CD  ser¬ 
vices.  Every  CD  connection  introduces  a 
risk  to  the  networks  and  the  data.  CD  solu¬ 
tions  are  complex  and  require  lifecycle 
support  such  as  installing  security  patches 
and  updating  malicious  code  software 
inspection  mechanisms.  Since  the  health  of 
the  CD  mechanism  is  so  critical  to  ensur¬ 
ing  the  security  of  the  device,  it  is  impera¬ 
tive  that  these  devices  be  rigorously  main¬ 
tained.  In  the  operational  world,  experi¬ 
ence  has  shown  that  these  devices  are  not 
being  adequately  maintained.  The  cus¬ 
tomer  does  not  want  the  responsibility  of 
deploying  and  maintaining  the  CD  mecha¬ 
nism;  what  they  want  is  the  capability  to 
share  information  across  domains. 
Establishing  CD  enterprise  services  will 
solve  this  issue.  Initial  CD  implementa¬ 
tions  at  the  enterprise  will  provide  current 
CD  baseline  products  in  an  enterprise 
capacity.  To  begin  this  transition,  the 
UCDMO  and  enterprise  service  providers 
win  partner  with  the  customer  to  roll  out 
CD  enterprise  services  for  customers 
requiring  new  or  replacing  legacy  CD 
capabilities.  In  the  DoD,  Teresa  White 
leads  the  DoD  CD  Enterprise  service 
organization,  and  for  the  IC,  Dan  Nichols 
at  Defense  Information  Agency  is  stand¬ 
ing  up  CD  services  at  regional  service  cen¬ 
ters.  The  focus  towards  CD  enterprise  ser¬ 
vices  provides  users  the  required  informa¬ 
tion  sharing  capabilities  without  the 
headaches  of  acquiring,  certifying,  accred¬ 
iting  and  maintaining  point  CD  mecha¬ 
nisms.  Additionally,  enterprise  CD  services 
win  be  the  avenue  for  achieving  global 
awareness  of  enterprise  connectivity  and 
greatly  improve  the  security  of  our  net¬ 
works. 

Initiative  3  is  critical  in  ensuring  com¬ 
mon  implementations  throughout  the 
community.  The  UCDMO  is  linked  into 
the  new  DNI-led  DoD/IC  C&A  transfor¬ 
mation.  One  of  the  initial  tasks  was  to 
develop  a  common  set  of  security  controls 
that  win  be  recognized  and  accepted 
throughout  both  communities.  This  is  the 
cornerstone  to  reciprocity  in  implementa¬ 
tion,  reusability,  and  efficiency. 
Additionany,  the  UCDMO  has  drafted  a 
single  CD  implementation  process  that 
win  ehminate  the  need  for  duphcative  test¬ 
ing,  promote  sharing  bodies  of  evidence, 
and  provide  accelerated  approval  for  CD 
enterprise  or  basehne  solutions.  Both  the 
security  controls  and  the  implementation 
process  are  available  on  the  UCDMO  Web 
site.  The  UCDMO  is  currently  developing 
a  series  of  CD  profiles  which  will  identify 
the  minimum  security  controls  required 
for  a  transfer,  access,  or  multilevel  mecha¬ 


nism.  These  profiles  will  assist  the  devel¬ 
opment  organizations  and  can  be  used  by 
vendors  as  build-to  guidance  as  well  as  aid 
the  testing  organizations  in  ensuring  a 
common  and  thorough  set  of  standards. 
Implementing  a  common  set  of  policies 
and  procedures  across  these  communities 
is  more  of  a  cultural  challenge  than  a  tech¬ 
nical  challenge.  In  the  past,  each  commu¬ 
nity  had  separate  standards  and  policies  in 
addition  to  individual  accreditation  author¬ 
ities.  This  may  have  made  sense  before  our 
networks  were  so  interconnected,  but  we 
must  realize  that  every  interconnection, 
every  implementation  of  a  CD  solution 
puts  our  networks  at  risk.  Many  of  the  cur¬ 
rent  connections  were  made  based  solely 
on  mission  need  without  sufficient  consid¬ 
eration  for  protecting  the  networks  and 
data.  There  is  no  arguing  that  success  in 
moving  to  a  centralized  approach  for 
implementing  approved  CD  solutions  will 
require  a  major  cultural  change.  As  the 
CIOs  for  the  DoD  and  IC,  John  Grimes 
and  Dale  Meyerrose  are  committed  to 
ensuring  adequate  protection  of  DoD  and 
IC  networks  and  are  the  catalyst  for  this 
change. 

The  4th  UCDMO  initiative  is  develop¬ 
ing  a  community-wide  CD  investment 
strategy.  This  initiative  began  almost 
immediately  upon  establishment  of  the 
UCDMO  by  consolidating  the  community 
CD  requirements  into  a  comprehensive  list 
of  31  CD  capabilities  (Table  2). 

Additionally,  the  UCDMO  began  to 
compile  a  list  of  aU  CD  R&D  efforts 
throughout  the  DoD  and  IC.  Today,  there 
is  tremendous  duplication  among  these 
efforts.  Most  of  these  programs  are  target¬ 
ing  the  same  five  or  six  requirements. 
There  is  no  coordination  or  even  central¬ 
ized  tracking.  It  is  very  difficult  for  a  cus¬ 
tomer  to  determine  what  other  similar 
activities  are  occurring  in  the  community. 
The  UCDMO  mapped  the  31  capabilities 
to  the  currently  available  baseline  mecha¬ 
nisms  and  to  the  known  R&D  activities 
resulting  in  a  CD  gap  analysis.  The 
UCDMO  released  Version  1.0  of  the  CD 
investment  summary  in  March  2008. 
Additionally,  they  will  provide  CD  invest¬ 
ment  recommendations  to  the  CIOs. 
Some  programs  will  be  recommended  for 
termination,  others  recommended  for 
consolidation,  and  new  programs  will  be 
suggested  to  target  CD  requirements  gaps. 
The  goal  of  Initiative  4  is  to  provide  a 
focused,  intentional,  and  targeted  CD 
R&D  program. 

The  UCDMO  will  also  deliver  an  over¬ 
all  CD  strategy  for  both  the  DoD  and  the 
IC  in  the  CD  Roadmap.  Building  on  aU 
four  initiatives,  this  plan  will  lay  the  frame¬ 


work  to  ensure  that  CD  will  support  both 
current  and  future  information  sharing. 

CD  is  a  critical  enabler  for  implement¬ 
ing  the  President’s  National  Security 
Strategy  goal  of  information  sharing^.  The 
work  of  the  UCDMO,  coupled  with  sup¬ 
port  from  the  community,  will  make  great 
strides  in  reaching  that  goal.  Since  its 
inception,  the  UCDMO  has  produced  a 
CD  baseline  of  products  available  for 
reuse,  a  list  of  known  CD  mechanisms  in 
R&D,  and  a  list  of  products  that  will  need 
to  be  replaced  in  the  next  few  years.  In 
addition,  a  common  DoD  and  IC  process 
for  CD  implementation  has  been  devel¬ 
oped.  The  UCDMO  has  also  made  signif¬ 
icant  contributions  to  policies  throughout 
the  DoD  and  IC  and  will  continue  to  have 
influence  in  the  future.  Success  of  the 
UCDMO  requires  a  cultural  change  in 
which  aU  partners  work  toward  a  common 
goal  of  enhancing  our  information  sharing 
capabilities  by  fuUy  supporting  the 
UCDMO  initiatives.^ 
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The  DoD’s policy,  planning,  and  ivarfighting  capabilities  are  heavily  dependent  on  the  IT  foundation  provided  by  the 
GIG.  However,  the  GIG  was  built  for  business  efficiency  instead  of  mission  assurance  against  sophisticated  adver¬ 
saries  who  have  demonstrated  intent  and  proven  their  ability  to  use  cyber  as  a  tool for  espionage  and  the  criminal  theft 
of  data.  GIG  mission  assurance  works  to  ensure  the  DoD  is  able  to  accomplish  its  critical  missions  when  networks, 
services,  or  information  are  unavailable,  degraded,  or  distrusted.  This  article  explores  current  threats  to  the  GIG  and 
outlines  the  solutions  that  the  DoD  has  developed  to  protect  our  networks. 


The  information  environment  in 
which  the  DoD  operates  is  global, 
mobile,  and  interconnected.  Depen¬ 
dence  on  shared  critical  information 
infrastructures  are  a  strategic  advantage 
as  well  as  a  weakness.  National  security 
is  challenged  by  sophisticated  adver¬ 
saries  who  have  demonstrated  intent 
and  proven  their  ability  to  use  cyber  as 
a  tool  for  espionage  and  the  criminal 
theft  of  data.  Successfully  defending 
the  DoD’s  networks  and  information 
from  sophisticated  adversaries  is  a  seri¬ 
ous  challenge.  Unlike  the  hacker  com¬ 
munity,  sophisticated  adversaries  are 
well  resourced,  trained,  and  often  have 
the  backing  of  foreign  intelligence  ser¬ 
vices,  transnational  groups,  or  orga¬ 
nized  crime.  Sophisticated  adversaries 
leverage  a  full  range  of  information 
operations  to  achieve  their  goals.  Every 
year,  attempts  to  penetrate  DoD  net¬ 
works  increase;  still,  there  has  been  no 
wide-scale  disruption  of  the  critical 
information  infrastructures  on  which 
the  DoD  depends  for  mission  success. 

However,  in  February  2008,  the  IC 
warned  of  increasing  cyber  attacks  by 
foreign  governments,  non-state  actors, 
and  criminal  elements  exploiting  vul¬ 
nerabilities  of  the  U.S.  information 
infrastructure  [1].  Sophisticated  adver¬ 
saries  have  the  technical  means,  the 
insider  knowledge  of  national  infra¬ 
structures,  and  the  intent  to  manipulate 
data  and  disrupt  critical  and  vulnerable 
national  resources.  At  the  same  time, 
the  DoD  Inspector  General  published 
an  audit  of  the  DoD’s  mission-critical 
IT  systems  which  found  that  61  percent 
lacked  contingency  plans  or  evidence  of 
such  plans,  and  82  percent  have  never 
been  exercised,  leading  the  audit  to 
conclude  that  “  ...  DoD  mission-critical 
systems  may  not  be  able  to  sustain 
warfighter  operations  during  a  disrup¬ 
tive  or  catastrophic  event”  [2]. 

National  security  depends  on  assured 


global  information  infrastructures  that  are 
reliable  and  resilient.  Real-time  risk  man¬ 
agement  and  situational  awareness  are 
essential  to  responding  to  a  cyber  crisis,  as 
is  the  consideration  of  what  national  secu¬ 
rity  missions  are  affected,  potential  cas¬ 
cade  effects,  and  the  prioritized  approach¬ 
es  for  restoration. 

**National  security 
depends  on  assured 
global  information 
infrastructures  that  are 
reliable  and  resilient. 
Real-time  risk 
management  and 
situational  awareness 
are  essential  to 
responding  to  a 
cyber  crisis 

The  DoD’s  policy,  planning,  and 
warfighting  capabilities  are  heavily 
dependent  on  the  IT  foundation  pro¬ 
vided  by  the  GIG.  Net-centric  informa¬ 
tion  environments  provide  reliable, 
instant,  and  meaningful  information 
that  shape  DoD  positions,  as  well  as 
prepare  and  enable  a  joint  warfighting 
force  to  dominate  air,  land,  maritime, 
and  space.  In  2006,  the  DoD  aligned 
cyberspace  as  a  warfighting  domain 
alongside  the  traditional  domains  of  air, 
land,  maritime,  and  space.  However,  it 
is  not  a  sanctuary  advantage  for  the 
DoD,  but  a  borderless,  pervasive,  and 
hostile  operating  environment  for  all 


missions. 

In  February  2007,  responding  to 
growing  threats  to  the  GIG,  the  DoD 
took  additional  steps  to  increase 
resilience  against  sophisticated  cyber 
attacks.  DoD  leadership  recognized 
that  the  solution  set  included  a  broad 
spectrum  of  experts  from  lA,  the 
Homeland  Security  Critical  Infrastruc¬ 
ture,  and  the  Joint  Chiefs  of  Staff.  A 
working  group  was  charged  with  ana- 
lyzing  the  issue  and  laying  out  a  plan  of 
action  to  ensure  that  the  DoD  is  able  to 
accomplish  its  critical  missions  when 
networks,  services,  or  information  are 
unavailable,  degraded,  or  untrusted. 
The  DoD’s  mission-essential  functions 
(MEFs)  such  as  deploying  the  armed 
forces,  maintaining  command  authority, 
and  global  situational  awareness  were 
deemed  critical.  GIG  mission  assurance 
was  defined  as  the  level  of  confidence  that 
the  GIG  will  provide  adequate  support  for 
critical  MEFs  in  the  face  of  full-spectrum 
attack  from  a  sophisticated  adversary. 

The  scope  of  the  problem  includes 
the  networks,  services,  and  information 
needed  to  conduct  cyberspace  opera¬ 
tions,  consistent  with  the  National 
Military  Strategy  for  Cyberspace 
Operations  and  other  documents  such 
as  the  National  Strategy  to  Secure 
Cyberspace  [3]  and  the  National 
Response  Framework  [4].  Additionally, 
to  improve  resiliency,  protection,  and 
continuity  of  services,  the  underlying 
infrastructures  such  as  power  and 
telecommunications  networks  are  criti¬ 
cal  to  the  DoD’s  ability  to  conduct  its 
missions.  Guiding  principals  for  the  ini¬ 
tiative  include  the  following: 

•  GIG  mission  assurance  is  a  continu¬ 
ously  changing  and  adapting  set  of 
capabilities  protecting  against  all 
adversaries  which  ensures  execution 
of  mission  essential  functions. 

•  GIG  mission  assurance  is  built  on  sur- 
vivable  communications  (transport). 
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trustable  information  (content),  and 
timely  services  (applications). 

•  Mission  operations  (the  warfighter) 
must  allow  for  and  compensate  for 
failures  and  losses  from  natural  and 
human  adversaries  that  are  persis¬ 
tently  present. 

•  The  GIG  must  provide  force-wide 
survivahle,  robust,  and  resilient 
capabilities  against  sophisticated 
adversaries. 

The  problem  domain  is  large  and 
spans  people,  processes,  technology, 
associated  training,  policy/governance, 
and  architectures.  There  are  many  disci¬ 
plines  and  organizations  involved  with¬ 
in  the  DoD  including,  but  not  limited 
to,  cyber  protection,  detection,  recon¬ 
stitution,  intelligence,  continuity  of 
operations,  and  critical  infrastructure 
protection.  Additionally,  the  DoD’s  role 
in  national  response,  emergency  pre¬ 
paredness,  and  support  must  be  consid¬ 
ered  in  a  holistic  approach  for  address¬ 
ing  how  the  GIG  enables  essential  mis¬ 
sions.  Ensuring  the  DoD  can  accom¬ 
plish  these  missions  while  operating  in 
a  degraded  information  environment 
requires  a  much  broader  range  of  activ¬ 
ities,  and  requires  close  coordination 
between  the  IT  community  and  the 
warfighter.  For  example,  to  accomplish 
the  MEFs,  the  warfighter  must  define 
more  concise  technology  requirements 
as  well  as  train  and  equip  forces  to 
achieve  mission  success  despite  a 
degraded  cyber  domain.  Additionally, 
the  IT  community  must  provide  the 
warfighter  situational  awareness  for 
failure  and  cascade  effects  of  the  GIG 
as  related  to  specific  MEFs,  and  build 
diverse  and  resilient  capabilities.  During 
a  sophisticated  attack,  the  IT  communi¬ 
ty  must  restore  capabilities  to  support 
current  mission  priorities  as  the 
warfighter  compensates  for  loss  in  ser¬ 
vices.  In  short,  the  DoD’s  response 
activities  must  operate  at  the  speed  of 
light,  verses  the  speed  of  policy.  Response 
options  must  be  synchronized,  priori¬ 
tized,  and  coordinated  to  minimize 
effects  on  national  security  missions 
and  ensure  that  MEFs  can  successfully 
survive  an  attack. 

Conclusion  and  2008 
Priorities 

In  a  net-centric  information  environ¬ 
ment  that  is  globally  interconnected, 
there  are  insufficient  resources  to  pro¬ 
tect  and  defend  all  aspects  of  the  GIG 
at  all  times  from  growing  and  asymmet¬ 
ric  threats.  Additionally,  the  DoD  GIG 


can  be  denied  or  degraded  by  non- 
cyber  events  on  dependent  critical 
infrastructures  such  as  power  and 
telecommunications.  A  change  in  phi¬ 
losophy  is  needed,  as  well  as  an  inte¬ 
grating  framework  for  a  holistic 
approach  balancing  resources  and  risk 
to  protect  our  capabilities  which  enable 
MEFs.  There  are  steps  both  strategic 
and  actionable  to  improve  the  DoD’s 
posture  and  ability  to  survive  sophisti¬ 
cated  cyberspace  attacks.  GIG  support 
to  mission  assurance  requires  integrated 
plans,  programs,  and  operations  across 
lA,  computer  network  defense,  cyber¬ 
space  intelligence  activities,  and  critical 
infrastructure  protection.  To  better 
understand  the  shortfalls  and  enable 
solutions,  DoD  priorities  in  this  area 
include  the  following: 

•  Exercising  military  operations  under 
a  severely  degraded  cyber  environ¬ 
ment. 

**The  bottom  line  is 
that  the  GIG  is 
DoD's  force  multiplier 
for  mission  success 
in  air,  land,  sea,  and 
cyberspace  ...  The 
DoD  is  acting 
on  the  solutions 
necessary  to 
ensure  mission 
success/* 

•  Improving  resilience,  prioritization 
for  recovery,  and  continuity  of 
operations. 

•  Redefining  network  command  and 
control  capabilities  with  regard  to 
prioritized  reconstitution  of  GIG 
services. 

•  Resourcing  and  planning  for  mis¬ 
sion  assurance  with  combatant  com¬ 
mands,  services,  and  agencies. 

The  bottom  line  is  that  the  GIG  is  the 
DoD’s  force  multiplier  for  mission  success 
in  air,  land,  sea,  and  cyberspace.  The  GIG 
must  compensate  for  loss  due  to  cyber¬ 
space  disruption,  and  the  users  must  pre¬ 
pare  to  operate  in  a  degraded  environ¬ 
ment.  The  DoD  is  acting  on  the  solutions 


necessary  to  ensure  mission  success.^ 
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Educated  and  Trained  Information  Assurance  Workforce: 

Key  to  Our  Mission  Success 

George  Bieber 

Director,  Information  Assurance  Workforce  Improvement  Program 

The  article  summarises  the  DoD’s  strategic  lA  workforce  objectives,  progress  made  in  2007  toward  implementation,  and  the 
way  ahead  in  2008  and  beyond. 


Just  like  any  organized  structure,  a  high¬ 
ly  networked  systems  environment  is 
only  as  good  as  its  people.  Federal  agen¬ 
cies  and  organizations  are  unable  to  pro¬ 
tect  the  integrity,  confidentiality,  and 
availability  of  information  without  a 
workforce  that  is  adequately  trained  and 
educated  in  lA.  DoDD  8570.1,  L4 
Training,  Certification,  and  Workforce 
Management,  and  its  accompanying  lA 
Workforce  Improvement  Program  (WIP) 
manual  (DoD  8570.01-AI),  represent  the 
first  steps  toward  building  and  making 
professional  the  lA  workforce  within  the 
DoD.' 

The  lA  WIP  implements  the  require¬ 
ments  of  DoDD  8570.1  and  establishes 
the  organization’s  lA  WIP  policy  and 
procedures.  Its  initiatives  are  aligned  to 
the  DoD  Information  Management/IT 
Strategic  Plan.  The  program’s  vision  is  to 
establish  an  lA  professional  workforce 
with  knowledge,  skills  and  abilities  to 
effectively  prevent,  deter,  and  respond  to 
threats  against  DoD  information,  infor¬ 
mation  systems,  and  information  infra¬ 
structures.  Integral  to  this  vision  is  the 
ability  to  effectively  manage  the  lA  work¬ 
force  to  place  people  with  the  right  skills 
in  the  right  place  at  the  right  time. 

The  foundation  to  build  this  capabili¬ 
ty  consists  of  the  following  five  strategic 
lA  workforce  objectives: 

1.  Certify  the  workforce.  Establish 
baseline  certifications  across  the 
enterprise  and  certify  the  workforce 
according  to  those  baselines. 

2.  Manage  the  workforce.  Provide  the 
tools  to  facilitate  both  component 
management  of  its  lA  workforce  and 
the  insight  of  the  OSD  into  DoD’s 
overall  workforce  status  and  certifica¬ 
tion  posture. 

3.  Sustain  the  workforce.  Enable  DoD 
workforce  to  receive  continuous 
learning  opportunities  to  keep  their 
skills  current  to  combat  new  network 
threats. 

4.  Extend  the  discipline.  Infuse  lA 
into  professional  education  programs 
to  expand  operational  leadership’s 
attention  to  the  domain. 

5.  Evaluate  the  workforce.  Establish  a 


means  of  assessing  compliance  and 
measuring  program  effectiveness. 

Milestones  to  Success 

The  2007  calendar  year  marked  the  con¬ 
clusion  of  the  first  year  of  a  four-year 
implementation  plan  for  the  lA  WIP. 
Significant  milestones  were  met  through¬ 
out  the  year  within  each  strategic  objective 
area.  The  following  are  a  few  of  these 
important  milestones: 

•  The  DoD  met  its  goal  to  certify  10 
percent  of  the  lA  workforce  for 
2007.  The  CIO  DIAP,  charged  with 
the  oversight  of  the  lA  WIP,  put  in 
place  a  number  of  initiatives  to  assist 
DoD  component  lA  managers  and 
personnel  to  achieve  this  goal  includ¬ 
ing  certification  self-assessment  pro¬ 
grams.  For  example,  the  International 
Information  Systems  Security 
Certifications  Consortium  (ISC2)  Self 
Assessment  Program  for  the  DoD, 
provided  Certification  Information 
System  Security  Professional  (CISSP) 
candidates  access  to  practice  exam 
questions  that  yielded  measurable 
results  for  students  to  assess  their  level 
of  preparedness.  Self-assessment  pro¬ 
grams  are  also  available  for  students 
seeking  Global  Information  Assurance 
Certification,  Information  Systems 
Audit  and  Control  Association,  and 
Computing  Technology  Industry 
Association  certifications. 

•  The  CIO  DIAP  put  the  enterprise¬ 
wide  concept  into  practice  by 
developing  and  conducting  a  cer¬ 
tification  voucher  program  on 
behalf  of  the  DoD  components 
(known  as  the  Voucher  Pilot 
Program).  Personnel  certification 
requirements  were  gathered  from  the 
components  and  coordinated  with 
commercial  certification  providers  in 
the  form  of  bulk  voucher  purchases. 
The  Personnel  Certification  Support 
System  (PCSS),  an  online  voucher 
management  system,  maintained  all 
voucher  allocation  and  distribution 
information  for  each  component. 
The  PCSS  will  continue  to  be  used 
for  the  second  year  of  implementa¬ 


tion  as  an  effective  tool  to  manage 
certification  vouchers. 

•  Upgrades  to  the  Defense  Civilian 
Personnel  Data  System  (DCPDS) 
are  complete  and  the  lA  personnel 
data  entry  process  is  under  way. 
Components  must  now  enter  all  rele¬ 
vant  civilian  lA  workforce  data  into 
the  DCPDS  including  lA  positions 
held  and  appropriate  training  and  cer¬ 
tification  requirements.  This  milestone 
achievement  brings  components  a  step 
closer  to  more  effective  civilian  work¬ 
force  management.  Increased  work¬ 
force  management  provides  leadership 
with  assurance  that  qualified  lA  per¬ 
sonnel  are  filling  lA  positions. 

•  The  Defense  Federal  Acquisition 
Regulation  Supplement  (DFARS) 
required  by  DoD  Directive  8570.1  is 
officially  approved  and  can  be  used 
in  new  solicitations  and  resulting 
contracts.  The  new  clause  was  pub¬ 
lished  in  the  January  10,  2008  issue  of 
the  Federal  Register.  The  announce¬ 
ment  included  actual  wording  for  the 
clause  regarding  lA  contractor  training 
certification.  DFARS  guidance  in¬ 
structs  that  any  modifications  to  exist¬ 
ing  contracts  will  have  to  be  negotiat¬ 
ed  with  the  contractor.^ 

•  DISA-supported  enhancements  of 
the  Carnegie  Mellon  University 
developed  Virtual  Training  En¬ 
vironment  (VTE)  to  provide  train¬ 
ing  to  meet  DoDD  8570  require¬ 
ments.  The  CIO  DIAP  has  funded 
specific  training  and  lab  capabilities  for 
this  program,  making  it  available  at  no 
cost  to  10  percent  of  DoD  personnel 
in  2007.  The  VTE  is  a  resource  to 
DoD  employees  for  information 
assurance,  incident  response  and  com¬ 
puter  forensic  training,  with  close  to 
600  hours  of  materials  available.  The 
environment  delivers  classroom 
instruction  and  self-paced  online  train¬ 
ing  for  CompTIA  security+  and  ISC2 
CISSP  to  name  a  few.  Seven  DoD 
8570.01-M  role-based  optional  courses 
are  currently  available  for  personnel. 
Additional  training  courses  will  be 
offered  in  the  near  future. 
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•  In  fiscal  year  2007,  29  students 
graduated  from  the  program  and 
are  currently  working  full  time  in 
lA  strategic  positions  across  the 
DoD.  The  DoD  lA  scholarship  pro¬ 
gram  awarded  269  scholarships  to 
students  seeking  bachelor’s,  mas¬ 
ter’s  and  doctorate  degrees  in  lA 
fields  of  study  since  the  program’s 
inception  in  2001.  The  DoD  lA 
Scholarship  Program  (lASP)  awarded 
269  scholarships.  In  fiscal  year  2007, 
29  students  graduated.  The  lASP  pro¬ 
vides  educational  incentives  to  foster 
the  recruitment  and  retention  of  qual¬ 
ified  lA/IT  personnel.  As  a  resource 
for  DoD  lA  professionals  to  continu¬ 
ously  enhance  their  skiUs  and  to  keep 
current  with  technology  and  threats, 
the  lASP  supports  the  lA  WIP  strate¬ 
gic  objective  to  sustain  the  workforce.’ 

Monitor  Success 

As  the  message  about  the  lA  WIP  pro¬ 
gram  disseminates  across  the  DoD,  the 
goals  become  more  rigorous  and  the  mis¬ 
sion  more  clear.  The  second  year  (2008)  of 
the  program’s  implementation  includes 
the  following  new  challenging  milestones: 

•  By  the  end  of  2008,  40  percent  of  the 
DoD  workforce  must  be  certified 
according  to  DoD  8570.01 -M  baseline 
policy  requirements. 

•  New  specialty  positions  were  pro¬ 


posed  for  integration  into  a  second 
change  to  the  8570.01-M  including 
C&A  and  software  application  devel¬ 
opers.  SME  working  groups  wiU  be 
organized  to  focus  on  the  strategy  and 
planning  to  execute  these  proposed 
changes. 

•  The  strategic  lA  workforce  objective, 
Evaluate  the  Workforce,  will  play  a  greater 
role  in  program  activities.  The  first  lA 
WIP  site  review  will  be  conducted  in 
the  first  quarter  of  2008.  The  intent  of 
these  site  reviews  is  to  verify  DoD 
component  compliance  with  require¬ 
ments  of  DoDD  8570.1  and  8570.01- 
M.  Furthermore,  on-site  inspections 
provide  the  opportunity  for  the  DIAP 
to  assess  the  level  of  effectiveness  of 
the  lA  WIP  at  the  operational  level. 

Achieve  Success 

Ultimately,  the  DIAP  seeks  to  foster  con¬ 
tinued  improvement  throughout  each  year 
of  the  program’s  lifecycle.  The  implemen¬ 
tation  planning  strategy  of  the  lA  WIP 
dictates  a  continuous  cycle  of  milestone 
achievement,  benefits  actualization,  over¬ 
sight,  and  improvement.  Adherence  to 
this  planning  strategy  will  result  in  a  better 
trained,  certified,  and  professional  DoD 
lA  workforce.  Results  wiU  yield  a  more 
capable  workforce  -  and  the  more  capa¬ 
ble  the  workforce,  the  more  Ukely  it  is  to 
achieve  DoD  mission  success.^ 


Notes 

1.  Supporting  documents  can  be  found 
at  <www.whs.mil>. 

2.  The  full  guidance  can  be  found  at 
<www.acq.osd.mil/ dpap/ dars/ dfars 
pgi/current/index.html>. 

3.  More  information  about  the  I  ASP  can 
be  found  at  <www.defenseUnk.mil/ 
cio-nii/iasp>. 
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Transforming  lA  Certification  and  Accreditation 
Across  the  National  Security  Community 


Eustace  D.  King 
OASD(Nll)/DoD  CIO 

The  lA  C&'A  transformation  is  a  partnership  that  stretches  across  the  DoD,  DNI,  CNSS,  National  Institute  of  Science 
and  Technology  (NIST),  and  the  Office  of  Management  and  Budget.  Much  progress  has  been  made  since  the  DoD  and 
DNI  CIOs  published  an  initial  set  of  transformation  goals  in  January  2007;  however,  much  work  remains.  While  core 
transformational  documents  are  being  authored  through  the  CNSS  and  NIST,  many  of  their  underlying  transformational 
concepts  are  being  implemented  in  the  DoD  through  the  new  DIACAP  and  in  the  intelligence  community  through  the  near- 
final  IC  Directive  503. 


The  C&A  transformation  is  actually 
part  of  a  larger  transformation. 
Within  the  DoD,  this  transformation  is 
centered  on  net-centric  operations  as  set 
forth  in  the  National  Military  Strategy' 
with  the  GIG  as  a  critical  enabler.  Within 
the  IC,  it  is  centered  on  a  drive  toward 
integration,  customer  service,  and 
advances  in  analytic  capability. 

What  is  common  across  the  DoD  and 
the  IC  is  the  need  to  leverage  the  power  of 
information  through  sharing  and  collabo¬ 
ration.  This  means  ensuring  that  useful, 
understandable  information  is  visible  and 
available  where  it  is  needed,  when  it  is 
needed,  and  to  those  who  need  it.  It  also 
means  that  users  and  entities  acting  on 
their  behalf  (e.g.,  software  services)  can 
connect  and  partner  to  generate  new 
knowledge,  get  work  done,  or  conduct 
net-enabled  operations. 

Because  the  way  the  national  security 
community  creates  and  uses  information 
is  changing,  it  must  change  the  way  it 


builds  networks,  provisions  services,  and 
manages  data.  In  turn,  it  must  change  the 
way  it  works  together  to  identify,  validate, 
authorise,  manage,  and  sustain  lA  capabilities, 
which  are  the  objectives  of  C&A^. 

Thus,  the  C&A  transformation  is 
about  changing  the  way  the  national  secu¬ 
rity  community  manages  lA  risk.  This 
means  breaking  down  unnecessary  barri¬ 
ers  between  community  members  and 
improving  information  sharing  among  the 
security,  IT  provider,  and  IT  user  commu¬ 
nities.  C&A  originated  during  the  days 
when  a  few,  large  standalone  mainframes 
with  custom  code  were  typical,  and  a  steady 
state  with  quantifiable  residual  risk  was 
expected.  The  national  security  communi¬ 
ty  is  transforming  to  service-centric,  glob¬ 
ally  interconnected  information  enterpris¬ 
es  constructed  largely  from  commercially 
acquired  general  purpose  IT.  The  legacy, 
system-centric  practice  of  C&A  hinders 
information  sharing  and  blocks  the  timely 
delivery  of  mission-critical  systems. 


What  Is  the  Status  of  the 
C&A  Transformation? 

While  the  C&A  transformation  was  initi¬ 
ated  by  and  remains  under  the  joint  spon¬ 
sorship  of  the  DoD  and  DNI  CIOs,  key 
partners  include  the  CNSS,  particularly 
the  C&A  working  group,  and  the  NIST, 
particularly  the  computer  security  divi¬ 
sion.  The  engagement  and  sponsorship  of 
the  CNSS  allows  key  policies  and  guide¬ 
lines  to  be  developed  and  published  for  a 
broader  community:  aU  federal  depart¬ 
ments  and  agencies  with  NSS.  Engage¬ 
ment  with  NIST  allows  for  synchroniza¬ 
tion  of  concepts,  standards,  and  guide¬ 
lines  across  both  NSS  and  non-NSS. 
Some  of  these  documents  are  currently 
under  formal  community  review  in  the 
CNSS;  others  are  stiU  in  the  drafting  stage 
(Table  1).  Other  supporting  activities, 
including  transition  planning  and  training, 
are  ongoing. 

Transition  may  vary  in  time  and  man¬ 
ner  across  the  national  security  communi¬ 
ty.  Some  organizations  are  planning  to  fol¬ 
low  the  C&A  transformation  process  and 
doctrine  even  while  documents  are  going 
through  final  review.  Others  may  wait  until 
the  authoring  process  is  completed,  which 
is  expected  to  occur  around  the  end  of 
calendar  year  2008.  Readers  must  look  to 
each  department’s  or  agency’s  policy 
issuance  for  these  details.  For  example,  the 
IC’s  transition  details  are  being  promulgat¬ 
ed  in  IC  Directive  503  and  supporting 
issuance  whereas  the  DoD’s  transition 
details  are  being  promulgated  in  the  DoD 
8500  series,  primarily  the  new  DoD 
Instruction  (DoDI)  8510.01,  the  online 
DIACAP  knowledge  service",  and  an 
upcoming  revision  of  DoDI  8500.2. 

What  Are  the  C&A 

Transformation  Goals? 

In  January  2007,  the  DoD  and  DNI  CIOs 
published  seven  goals  for  transforming 
C&A  processes  across  the  DoD  and  the 
IC.  The  following  are  the  original  seven 


Table  1 :  NSS  Documents  Currently  Under  Tormal  Community  Review 


Document 

Purpose 

Status 

CNSSP22 

Establishes  a  national  risk  management  policy 
for  national  security  systems. 

Under  formal 
review  by  CNSS 

CNSSI  1199 

Establishes  the  way  the  national  security 
community  categorizes  information  and 
information  systems  with  regard  to 
confidentiality,  integrity,  and  availability. 

Under  formal 
review  by  CNSS 

CNSSI  1253, 
aka  Security 
Controls 

Catalog 

Consolidates  DCID  6/3,  DOD  Instruction 
8500.2,  NIST  SP  800-53,  and  other  security 
sources  into  a  single  cohesive  repository  of 
security  controls. 

Under  formal 
review  by  CNSS 

CNSSI  1253A 

Provides  methodology  for  assessing 
adequacy  of  each  security  control,  e.g.,  testing. 

In  progress 

CNSSI  1260 

Provides  guidance  to  organizations  with  the 
characterization  of  their  information  and 
information  systems. 

In  progress 

Next 

Generation 

NIST  800-37 

Defines  the  C&A  process  (joint  DNI,  DoD, 

NIST  activity). 

In  progress 
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goals  along  with  some  implementation 
details.  While  the  DoD-IC  partnership  is 
highlighted,  the  expectation  is  that  many 
of  the  outcomes  and  benefits  described 
will  be  realized  across  the  greater  national 
security  community  and  between  NSS  and 
non-NSS. 

1.  Define  a  common  set  of  impact 
levels  and  adopt  and  apply  them 
across  the  DoD  and  IC.  These  are 
being  defined  in  the  new  CNSS 
Instruction  (CNSSI)  1199  with  consid¬ 
eration  for  the  authorities,  complexi¬ 
ties,  classification  needs,  and  special 
risks  inherent  in  the  national  security 
community. 

2.  Adopt  reciprocity  as  the  norm, 
enabUng  organizations  to  accept 
the  approvals  by  others  without 
retesting  or  reviewing.  Commonly 
recognized  types  of  national  security 
information  and  systems  are  being 
described  in  the  new  CNSSI  1260. 
These  win  be  supported  by  reciprocity 
profiles,  tailored  sets  of  security  con¬ 
trols  for  sharing  specific  types  of 
national  security  information  or  sys¬ 
tems.  Commonly  recognized  types  of 
information  and  systems  with  associat¬ 
ed  reciprocity  profiles  will  provide 
agreement  on  security  objectives. 
Common  security  controls  and  assess¬ 
ment  methods  will  provide  transparen¬ 
cy  of  security  implementation. 

3.  Define,  document,  and  adopt  com¬ 
mon  security  controls,  using  NIST 
SP  800-53  as  a  baseUne.  The  new 
CNSSI  1253  is  a  comprehensive  infor¬ 
mation  system  security  controls  cata¬ 
log  that  starts  with  NIST  Strategic 
Plan  800-53  and  normalizes  and  con¬ 
solidates  the  controls  from  DoDI 
8500.2,  DCID  6/3,  the  UCDMO,  and 
CNSS  policies  (for  example,  CNSS 
PoHcy  12,  National  Information  Assurance 
Volley  for  Space  Systems  Used  to  Support 
National  Security  Missions),  as  well  as 
new  controls  developed  through 
research  related  to  emerging  topics 
such  as  outsourcing,  supply  chain  risk, 
and  service-oriented  architecture.  The 
new  CNSSI  1253A  is  a  companion 
document  that  provides  common 
assessment  objectives  (i.e.,  expected 
results)  and  methods  for  the  common 
controls. 

4.  Adopt  a  common  lexicon,  using 
CNSSI  4009  as  a  baseUne,  thereby 
providing  both  the  DoD  and  IC  a 
common  language  and  common 
understanding.  The  new  CNSSI 
4009  win  serve  as  a  shared  dictionary. 

5.  Institute  a  senior  risk  executive 
function,  which  bases  decisions  on 


an  enterprise  view  of  risk  consider¬ 
ing  all  factors,  including  mission, 
IT,  budget,  and  security.  The  previ¬ 
ous  DoD  C&A  process  was  intended 
to  balance  mission,  program,  and  secu¬ 
rity  risk,  but  the  horizon  was  local,  not 
enterprise.  Today’s  complex,  many-to- 
many  relationships  among  missions, 
business  functions,  and  supporting 
information  systems  require  a  holistic, 
enterprise-wide  view  to  managing 
risks.  The  DoD  is  implementing  this 
goal  via  the  DIACAP  governance 
structure  established  in  DoDI  8510.01. 
The  DIACAP  governance  structure 
establishes  C&A  roles  and  responsibil¬ 
ities  and  collaboration  mechanisms  at 
every  organizational  level,  from  GIG 
mission  areas  to  heads  of  components 
and  their  chief  information  officers  to 
individual  system  program  managers, 
developers,  and  operators.  This  com¬ 
prehensive  governance  structure  is 
intended  to  establish  a  relationship 
between  aggregated  information  secu¬ 
rity  risks  and  organizational  or  enter¬ 
prise  mission  and  business  risks  while 
helping  individuals  with  responsibili¬ 
ties  for  system  implementation  and 
operations  to  better  understand  how 
the  information  security  issues  associ¬ 
ated  with  their  systems  translate  into 
organizational  or  enterprise  security 
concerns.  Over  time,  the  DoD  expects 
to  continue  to  improve  this  structure 
and  strengthen  its  interfaces  with  IC 
governance  structures.  Additionally,  as 
part  of  the  next  generation  800-37,  the 
DoD  is  working  with  NIST  and  the 
DNI  to  address  C&A  processes  for 
federated  enterprises,  i.e.,  for  systems 
and  services  that  span  departments 
and  agencies,  coalitions,  or  interna¬ 
tional  strategic  partners 

6.  Incorporate  lA  into  enterprise 
architectures  and  deliver  lA  as 
common  enterprise  services  across 
the  DoD  and  IC.  The  DoD  is  imple¬ 
menting  this  goal  via  the  lA  compo¬ 
nent  of  the  GIG  integrated  architec¬ 
ture,  a  new  alignment  framework  for 
GIG  lA,  and  a  suite  of  lA  capabilities 
and  services  being  realized  though  the 
GIAP. 

7.  Enable  a  common  adaptable  pro¬ 
cess  that  incorporates  security 
within  the  lifecycle  processes  and 
eliminates  security-specific  pro¬ 
cesses.  The  DoD  is  implementing  this 
goal  via  continued  integration  of  lA 
into  the  Joint  Capabilities  Identifica¬ 
tion  and  Development  System'*. 

Who  is  responsible  for  coordinating 

the  DoD’s  participation  in  the  C&A  trans¬ 


formation? 

•  ClO-to-CIO  Relations:  Gus  Guissa- 
nie.  Principal  Deputy,  DASD(IIA). 

•  C&A  Operations:  Eustace  King,  DIA¬ 
CAP  Program  Manager. 

•  DoD  lA  Policy:  Don  Jones,  Senior 
Policy  Advisor. 

Special  Thanks 

With  input  from  Sharon  Ehlers,  Office  of 

the  Associate  Director  of  National 

Intelligence  and  CIO,  and  Ron  Ross, 

Computer  Security  Division,  IT 

Laboratory,  NIST.^ 

Notes 

1.  An  unclassified  version  is  available  at 
<www.defenselink.mil/news /Mar 
2005  /d2005031 8nms.pdf> . 

2.  For  example,  see  the  DIACAP  defini¬ 
tion  in  DoDI  8510.01,  Nov.  2007 
<www.dtic.mil/  whs/ directives/ corres/ 
insl.html>. 

3.  <https:/ / diacap.iaportal.navy.mil>. 

4.  Chairman  of  the  Joint  Chiefs  of  Staff 
Instruction  3170. OIF.  I  May  2007 
<www.dtic.mil/ cjcs_directives/ edata/ 
unlimit/3170_01.pdf>;  the  Defense 
Acquisition  System  (DoDD  5000.1), 
and  related  issuance,  <https:/ / 
akss.dau.mil/dapc/index.aspx>);  and 
NetOps  <www.stsc.hill.af mil/ Cross 
Talk/2007/07/0707Lam.html>. 
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Web  Sites 


lA  Support  Environment 

http://iase.disa.mil/index2.html 

With  the  banner,  “Your  one  stop  shop  for  lA  information,”  this 
site  is  sponsored  by  the  Defense  Information  Systems  Agency, 
and  offers  links  to  a  wide  variety  of  lA-related  topics  including 
lA  training,  lA  tools,  vulnerability  management,  and  important 
announcements.  The  subject  matters  covered  include  applica¬ 
tion  security,  computer  network  defense,  high  assurance  inter¬ 
net  protocol,  and  CD  solutions.  There  is  also  a  link  to  upcom¬ 
ing  conferences  and  workshops. 

Global  I A  Certification  (GIAC) 

www.giac.org 

The  primary  goal  of  this  Web  site  is  to  address  the  need  to  val¬ 
idate  the  skills  of  security  professionals  and  developers.  GIAC 
certification  provides  assurance  that  a  certified  individual  meets 
a  minimum  level  of  ability  and  possesses  the  skills  necessary  to 
do  the  job.  The  standards  for  the  GIAC  certification  were  devel¬ 
oped  using  the  highest  benchmarks  in  the  industry.  The  site 
offers  a  complete  breakdown  of  the  GIAC  process. 

The  Center  for  Education  and  Research  in 
lA  and  Security  (CERIAS) 

www.cerias.purdue.edu 

The  mission  of  CERIAS  is  to  advance  the  knowledge  and  prac¬ 
tice  of  lA  and  security  through  the  performance  of  world-class 


research,  the  delivery  of  the  highest  quality  education,  and  by 
serving  as  an  unbiased  source  of  information  locally,  nationally, 
and  internationally.  CERIAS  is  unique  among  national  centers 
in  its  multidisciplinary  approach  to  problems,  ranging  from 
purely  technical  issues  (e.g.,  intrusion  detection,  network  secu¬ 
rity,  etc.)  to  ethical,  legal,  educational,  communications,  lin¬ 
guistic,  and  economic  issues,  and  the  subtle  interactions  and 
dependencies  among  them. 

National  lA  Training  and  Education 
Center  (NIATEC) 

http://niatec.info 

NIATEC  is  a  consortium  of  academic,  industry,  and  govern¬ 
ment  organizations  with  the  goal  of  improving  the  literacy, 
awareness,  training,  and  education  standards  in  lA,  and  is  based 
at  Idaho  State  University.  As  the  federally  designated  corner¬ 
stone  for  essential  education  and  training  components  of  a 
strong  lA  initiative,  NIATEC  s  mission  is  to  establish  an  effec¬ 
tive  lA  infrastructure  for  academic,  industry,  and  government 
organizations.  NIATEC  has  been  active  in  the  development  of 
training  standards  associated  with  both  the  National  Institute  of 
Standards  Publication  800-16  and  the  National  Security 
Telecommunications  and  Information  Systems  Security 
Committee  4011,  4012,  4013,  4014,  4015,  and  4016  docu¬ 
ments. 


l^J/y stems  &  Software 
Technology  Conference 

"Technology: Tipping  the  Balance" 


Thanks  to  everyone  who  participated  at 
SSTC  2008  in  Las  Vegas,  Nevada! 

Online  proceedings  are  now  available  to  attendees. 

SSTC  2009  Call  for  Speakers  and  Exhibitor 
Information  will  be  available  mid-August. 


www.sstc-online.org 
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BackTalk 


Engineer’s  Cadenza  in  G  Minor 


Confused  about  lA?  Join  the  club.  Confidentiality,  integrity, 
authentication,  and  availability  dominate  the  chatter  while 
effective  and  useful  are  taciturn  in  lA  circles.  Are  we  talking 
assurance  as  in  “a  declaration  to  inspire  confidence”  or  assurance 
as  in  “that  which  is  designed  to  give  confidence?”  I’m  hearing  a 
lot  of  declaration  and  not  much  design  or  confidence.  What’s  an 
engineer  to  do? 

Sit  back,  relax,  pop  in  the  ear  buds,  and  crank  up  Johann 
Sebastian  Bach’s  third  movement  of  the  Brandenburg  Concerto  #3. 
Listen  to  the  uniform  division  of  parts  between  the  three  string 
groups.  Listen  how  they  combine  to  play  in  unison  and  then  dart  off 
into  a  varied  musical  dialogue.  As  they  glide  on  separate  melodic 
paths,  never  does  one  string  dominate  or  another  pale.  They  never 
compete  or  collide,  but  exist  in  one  accord. 

For  me,  this  is  what  an  effective  information  highway  would 
sound  like  if  it  made  sound.  You  can  hear  streams  of  information 
dancing  across  the  wires  and  airways  from  destination  to  destina¬ 
tion;  frenzied,  wispy,  vigilant,  yet  congruent.  Bach  maintained  order, 
confidence,  and  integrity  in  this  movement  without  stifling  creativi¬ 
ty  —  a  masterpiece  in  balance.  Is  that  what  you  hear  when  you  ramp 
up  on  the  world’s  wide  web  of  information? 

Me  neither. 

With  identity  theft,  scams,  downtime,  and  data  loss  it’s  no  won¬ 
der  there  is  a  push  for  more  confidence,  integrity,  and  availability  in 
computing;  much  like  the  Pythagoreans  —  students  of  the  right  tri¬ 
angle  theory  guy  —  who  wanted  to  bring  order  and  integrity  to  music. 

Pythagoras  of  Samos  and  his  followers  were  musicians  as  well  as 
mathematicians.  Pythagoras  wanted  to  improve  the  music  of  his  day, 
which  he  believed  was  too  hectic.  Who  knew  that  Johnny  Rotten 
and  Sid  Vicious  were  Greek? 

According  to  legend,  Pythagoras  thought  the  sounds  emanating 
from  local  blacksmith’s  anvils  were  beautiful  and  harmonious.  Can’t 
you  see  Pags  in  jeans  and  t-shirt,  arms  out  stretched,  long  hair  flow¬ 
ing  in  the  wind,  humming  the  melody  of  MetaUica’s  Sandman  to  the 
beat  of  the  anvils? 

Pj^thagoras  believed  the  scientific  law  behind  the  anvil  harmony 
could  be  applied  to  music.  He  found  the  anvils  to  be  simple  ratios 
of  each  other;  one  half  the  size  of  the  first,  another  two-thirds  the 
size,  and  so  on.  He  postulated  that  these  ratios  were  the  root  of  the 
rhythmic  harmonics  he  heard  permeating  blacksmith  alley. 

Similar  efforts  eventually  led  to  the  codification  of  classical 
music  using  musical  notation.  The  goal  was  to  improve  musical 
integrity  by  capturing  and  authenticating  the  composer’s  intent  and 
minimize  performance  improvisation  and  interpretation. 

Nineteenth  century  musical  notation  intensified  in  detail  and 
quantity,  giving  rise  to  unintended  consequences.  Improvisation  — 
the  mother  of  musical  invention  —  gradually  evolved  to  a  relatively 
minor  role  in  classical  music,  in  sharp  contrast  to  Japanese  tradi¬ 
tional  music  and  jazz,  where  improvisation  is  central.  Gradually, 
classical  music  developed  into  a  stagnant  genre,  short  on  new  ideas 
and  concepts  and  long  on  repeated  esoteric  interpretations  of  cen¬ 
tury-old  music  from  daisy-pushing  composers  —  great  music  but  not 
new  music.  Granted,  the  modern  classical  music  era  produced 
Debussy,  Rachmaninoff,  Gershwin,  Copland,  and  Bernstein,  but  it 
pales  in  comparison  to  the  heyday  of  the  classical  and  romantic  eras 
that  we  continually  return  to. 

Ironically,  improvisation  played  an  important  role  in  classical 
music  development  during  the  Baroque  period  in  the  form  of  the 
cadenza.  No,  not  the  legless  renaissance  sideboard  your  grandmoth¬ 
er  has  in  her  parlor;  that  is  a  credenza.  A  cadenza  is  a  passage  found 


mostly  in  concertos  designed  to  allow  virmoso  artists  to  exhibit  their 
skills.  Traditionally,  the  cadenza  was  improvised  by  the  composer  or 
a  virtuoso  artist  to  make  each  performance  unique  and  spawn  new 
musical  concepts  in  the  process. 

Go  back  to  Bach’s  Brandenburg  Concerto  #3  and  compare  the 
first  and  third  movements  with  the  second.  The  second  is  more 
sedate  and  drab  with  two  slow  chords.  It  is  believed  that  this  was  the 
cadenza  where  Bach  expected  one  or  more  of  the  musicians  to 
improvise  over  those  chords.  However,  a  drive  for  more  consisten¬ 
cy  led  to  the  cadenza  being  written  by  the  composer  or  the  virmoso 
beforehand,  curbing  spontaneity  and  creativity. 

So,  which  way  will  the  modern  day  Pythagoreans  take  us  with 
lA?  Will  their  controls  stagnate  or  liberate?  Yes,  information  access 
must  be  certified;  data  cannot  be  changed  without  proper  autho¬ 
rization;  users  and  objects  need  to  be  genuine  -  not  forged;  infor¬ 
mation,  systems,  and  security  need  to  be  available  and  functioning 
and,  yes,  we  need  to  limit  transaction  repudiation.  However,  as  we 
implement  these  safeguards,  please  remember  balance. 

Remember  —  your  engineers  grew  up  connected  and  mobile. 
They  do  more  with  a  cell  phone  than  you  do  with  your  laptop.  They 
have  passion  and  dreams  they  want  to  pursue  on  the  fly  through 
social  and  professional  networks.  Don’t  stifle  that  energy;  harness  it. 

Be  safe,  be  protective,  and  add  structure  and  integrity  to  your 
systems.  However,  when  your  staff’s  passion  goes  from  Edelweiss 
[I]  to  Kewpie  Station  [2],  be  sure  your  protective  strucmres  fan, 
rather  than  extinguish,  the  flames  of  innovation  and  ingenuity. 
Design  engineering  cadenzas  in  your  process  for  your  virtuosos  to 
create,  improvise,  and  dazzle  your  customer. 

Remember,  the  intent  of  information,  like  music,  is  to  connect 
people.  The  music  is  all  around  us;  all  you  have  to  do  is  listen  [3] . 

— Gary  A.  Petersen 

Arrowpoint  Solutions,  Inc. 
gp  eter  s  en@arrowpoint.  us 
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Can  You  BACKTalk? 

Here  is  your  chance  to  make  your  point,  even  if  it  is  a  bit 
tongue-in-cheek,  without  your  boss  censoring  your  writing.  In 
addition  to  accepting  articles  that  relate  to  software  engineer¬ 
ing  for  publication  in  CROSSTALK,  we  also  accept  articles  for 
the  BackTalk  column.  BackTalk  articles  should  provide  a 
concise,  clever,  humorous,  and  insightful  perspective  on  the 
software  engineering  profession  or  industry  or  a  portion  of  it. 
Your  BackTalk  article  should  be  entertaining  and  clever  or 
original  in  concept,  design,  or  delivery.  The  length  should  not 
exceed  750  words. 

For  a  complete  author’s  packet  detailing  how  to  submit 
your  BackTalk  article,  visit  our  Web  site  at 
<www.stsc.hill.afmil>. 
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